From Net-security.org: "The 'login' program in util-linux stored the user's
credentials in a static buffer that could later be reused
in other PAM calls issued on behalf of other users. This
could lead to a user gaining access to other accounts.
Note that this is not possible by default."