HylaFAX hfaxd with PAM Password Policy Bypass
Severity: High
Nessus Plugin ID: 20387
Synopsis
The remote fax server fails to properly validate passwords.
Description
The remote host is running HylaFAX, a fax / pager server application for Linux / Unix.
The version of HylaFAX installed on the remote host does not check passwords when authenticating users via hfaxd, its fax server. An attacker can exploit this issue to bypass authentication using a valid username and gain access to the system.
Solution
Rebuild HylaFAX with PAM support or upgrade to HylaFAX version 4.2.4 or later.