Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 15 Jan 2013 20:23:06 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Subject: pam-pgsql NULL password handling issue

Lucas Clemente Vella discovered that pam-pgsql (aka pam_pgsql) might
allow login with any password the SQL query for the password returns
NULL.

Bug report: <https://sourceforge.net/p/pam-pgsql/bugs/13/>
Patch: <https://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/>

As usual, I'm not sure if this constitutes a security bug, but we'll
probably fix this nevertheless if we get the opportunity.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.