A monit security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address an issue where users with disabled accounts but a valid password can log in.
ELA-906-1 monit security update
Package : monit
Version : 1:5.9-1+deb8u3 (jessie), 1:5.20.0-6+deb9u3 (stretch)
Related CVEs : CVE-2022-26563
Youssef Rebahi-Gilbert discovered that users with disabled accounts but with a
valid password can log in to Monit, a utility for monitoring and managing
daemons or similar programs, due to a flaw in the PAM authentication check.
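
To confirm that a host carries the fixed package, the following added example (not part of the advisory) compares an installed monit version against the versions listed above using `dpkg --compare-versions`. The function names are hypothetical, and the script assumes `dpkg` is available and that `VERSION_ID` 8 and 9 in `/etc/os-release` identify jessie and stretch.

```shell
#!/bin/sh
# Added example: compare a monit package version with the fixed versions
# listed in ELA-906-1. Function names are illustrative, not from the advisory.

# fixed_version <debian_major_release>: print the first fixed monit version.
fixed_version() {
    case "$1" in
        8) echo '1:5.9-1+deb8u3' ;;      # jessie
        9) echo '1:5.20.0-6+deb9u3' ;;   # stretch
        *) return 1 ;;                   # release not covered by this advisory
    esac
}

# monit_status <debian_major_release> <installed_version>
# Print "fixed", "vulnerable" or "not-covered".
monit_status() {
    fixed=$(fixed_version "$1") || { echo not-covered; return 0; }
    # dpkg applies Debian ordering rules (epoch, upstream version, revision).
    if dpkg --compare-versions "$2" ge "$fixed"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# check_host: look up the local release and the installed monit package.
check_host() {
    release=$(. /etc/os-release 2>/dev/null && echo "${VERSION_ID%%.*}")
    installed=$(dpkg-query -W -f='${Version}' monit 2>/dev/null) || installed=
    if [ -z "$installed" ]; then
        echo "monit: not installed"
        return 0
    fi
    echo "monit $installed on Debian ${release:-unknown}:" \
         "$(monit_status "$release" "$installed")"
}

# Run the host check only when asked: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

A result of `not-covered` means the release is outside the two listed in this advisory, not that the package is safe.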