oss-sec mailing list archives
oath-toolkit PAM module OTP token invalidation issue
From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 07 Feb 2014 17:21:28 +0100
Bas van Schaik discovered that commented-out lines in /etc/users.oath have an undesired side effect: http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html There is a test file with comments in the distribution, so I believe this is an actual bug with security implications, not accidental misuse of the file format.
Current thread:
- oath-toolkit PAM module OTP token invalidation issue Florian Weimer (Feb 07)
- Re: oath-toolkit PAM module OTP token invalidation issue cve-assign (Feb 09)