oss-sec mailing list archives
pam-pgsql NULL password handling issue
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 15 Jan 2013 20:23:06 +0100
Lucas Clemente Vella discovered that pam-pgsql (aka pam_pgsql) might allow login with any password the SQL query for the password returns NULL. Bug report: <https://sourceforge.net/p/pam-pgsql/bugs/13/> Patch: <https://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/> As usual, I'm not sure if this constitutes a security bug, but we'll probably fix this nevertheless if we get the opportunity.
Current thread:
- pam-pgsql NULL password handling issue Florian Weimer (Jan 15)
- Re: pam-pgsql NULL password handling issue Kurt Seifried (Jan 15)
- Re: pam-pgsql NULL password handling issue Kurt Seifried (Jan 16)
- Re: pam-pgsql NULL password handling issue Kurt Seifried (Jan 15)