HylaFAX hfaxd with PAM Password Policy Bypass

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.

Synopsis :

The remote fax server fails to properly validate passwords.

Description :

The remote host is running HylaFAX, a fax / pager server application
for Linux / Unix.

The version of HylaFAX installed on the remote host does not check
passwords when authenticating users via hfaxd, its fax server. An
attacker can exploit this issue to bypass authentication using a valid
username and gain access to the system.

See also :


Solution :

Rebuild HylaFAX with PAM support or upgrade to HylaFAX version 4.2.4
or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 20387 (hylafax_auth_bypass.nasl)

Bugtraq ID: 16150

CVE ID: CVE-2005-3538
