It was found that comments (lines starting with a hash) in /etc/users.oath could prevent one-time-passwords (OTP) from being invalidated, leaving the OTP vulnerable to replay attacks (CVE-2013-7322).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | oath-toolkit | < 1.12.6-2.1 | oath-toolkit-1.12.6-2.1.mga3 |
Mageia | 4 | noarch | oath-toolkit | < 2.4.1-1 | oath-toolkit-2.4.1-1.mga4 |