Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
Not invoking a call to pam_acct_mgmt after a call to pam_authenticate to check the validity of a login can lead to an authorization bypass. Impact: Exploitability: The attack can be carried over the network. A complex non-standard configuration or a specialized condition is required for the attack to be successfully conducted. The attacker also requires access to a users credentials, be it expired, for an attack to be successful. There …