Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-7322HistoryMar 09, 2014 - 1:16 p.m.
CVE-2013-7322
2014-03-0913:16:00
Debian Security Bug Tracker
security-tracker.debian.org
9
0.002 Low
EPSS
Percentile
51.4%
usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | oath-toolkit | < 2.4.1-1 | oath-toolkit_2.4.1-1_all.deb |
| Debian | 11 | all | oath-toolkit | < 2.4.1-1 | oath-toolkit_2.4.1-1_all.deb |
| Debian | 10 | all | oath-toolkit | < 2.4.1-1 | oath-toolkit_2.4.1-1_all.deb |
| Debian | 999 | all | oath-toolkit | < 2.4.1-1 | oath-toolkit_2.4.1-1_all.deb |
| Debian | 13 | all | oath-toolkit | < 2.4.1-1 | oath-toolkit_2.4.1-1_all.deb |
Related
securityvulns
securityvulns
[ MDVSA-2014:061 ] oath-toolkit
2014-03-18 00:00:00
oath-toolkit replay attack
2014-03-18 00:00:00
prion
prion
Deserialization of untrusted data
2014-03-09 13:16:00
ubuntucve
ubuntucve
CVE-2013-7322
2014-03-09 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0101)
2022-01-28 00:00:00
Fedora Update for oath-toolkit FEDORA-2014-2875
2014-04-16 00:00:00
Fedora Update for oath-toolkit FEDORA-2014-2875
2014-04-16 00:00:00
nessus
nessus
Fedora 20 : oath-toolkit-2.4.1-3.fc20 (2014-2875)
2014-04-16 00:00:00
Fedora 19 : oath-toolkit-2.4.1-1.fc19 (2014-2534)
2014-02-24 00:00:00
Mandriva Linux Security Advisory : oath-toolkit (MDVSA-2014:061)
2014-03-17 00:00:00
mageia
mageia
Updated oath-toolkit packages fix security vulnerability
2014-02-26 01:59:23
fedora
fedora
[SECURITY] Fedora 20 Update: oath-toolkit-2.4.1-3.fc20
2014-04-15 15:58:30
[SECURITY] Fedora 19 Update: oath-toolkit-2.4.1-1.fc19
2014-02-22 18:12:34
cve
cve
CVE-2013-7322
2014-03-09 13:16:00