Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering password as the password.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mod_nss | Mod_nss_project | 1.0.8 (including) | 1.0.8 (including) |
| Red Hat Enterprise Linux 5 | RedHat | mod_nss-0:1.0.8-7.el5 | * |
| Red Hat Enterprise Linux 6 | RedHat | mod_nss-0:1.0.8-13.el6 | * |
| Libapache2-mod-nss | Ubuntu | artful | * |
| Libapache2-mod-nss | Ubuntu | bionic | * |
| Libapache2-mod-nss | Ubuntu | cosmic | * |
| Libapache2-mod-nss | Ubuntu | esm-apps/bionic | * |
| Libapache2-mod-nss | Ubuntu | esm-apps/xenial | * |
| Libapache2-mod-nss | Ubuntu | precise | * |
| Libapache2-mod-nss | Ubuntu | quantal | * |
| Libapache2-mod-nss | Ubuntu | raring | * |
| Libapache2-mod-nss | Ubuntu | saucy | * |
| Libapache2-mod-nss | Ubuntu | trusty | * |
| Libapache2-mod-nss | Ubuntu | upstream | * |
| Libapache2-mod-nss | Ubuntu | utopic | * |
| Libapache2-mod-nss | Ubuntu | vivid | * |
| Libapache2-mod-nss | Ubuntu | wily | * |
| Libapache2-mod-nss | Ubuntu | xenial | * |
| Libapache2-mod-nss | Ubuntu | yakkety | * |
| Libapache2-mod-nss | Ubuntu | zesty | * |