Date: Tue, 15 Jan 2013 20:23:06 +0100 From: Florian Weimer <fw@...eb.enyo.de> To: oss-security@...ts.openwall.com Subject: pam-pgsql NULL password handling issue Lucas Clemente Vella discovered that pam-pgsql (aka pam_pgsql) might allow login with any password the SQL query for the password returns NULL. Bug report: <https://sourceforge.net/p/pam-pgsql/bugs/13/> Patch: <https://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/> As usual, I'm not sure if this constitutes a security bug, but we'll probably fix this nevertheless if we get the opportunity.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.