Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 07 Feb 2014 17:21:28 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Subject: oath-toolkit PAM module OTP token invalidation issue

Bas van Schaik discovered that commented-out lines in /etc/users.oath
have an undesired side effect:

http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html

There is a test file with comments in the distribution, so I believe
this is an actual bug with security implications, not accidental
misuse of the file format.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ