This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing a security update.
Pam_ldap does not return an error condition when an LDAP directory
server responds with a PasswordPolicyResponse control response, which
causes the pam_authenticate function to return a success code even if
authentication has failed, as originally reported for xscreensaver.
This might lead to an attacker being able to login into a suspended
Updated packages have been patched to correct this issue.
Update the affected pam_ldap package.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true