Yup, its true. Even though this has nothing to do with Windows, I thought it was interesting enough to where it was worth posting. While it has been recently patched, users of Linux-PAM could be able to exploit a vulnerability that would actually outsmart the authentication process. It would be interesting to see how many hackers actually took advantage of this.

An update from the developers of Linux-PAM fixes a vulnerability which could be exploited to outsmart the authentication process. The error was located in the function _unix_verify_password in the modules/pam_unix/support.c module. According to the error report, this made it possible, under certain circumstances, to log onto an account using any password. This circumstance only occurred, however, if the password hash in the /etc/passwd file or in /etc/shadow consisted of two exclamation marks (!!) or similar. Under Red Hat, for example, two exclamation marks are entered as the hash when an account is created until a password has been entered - the account should actually be blocked until this is done.[more]

Tags: Bugs