It was found that libpam4j prior to 1.10 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
{ "nvd_published_at": "2018-01-18T21:29:00Z", "github_reviewed_at": "2022-07-01T21:27:13Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-20" ] }