7 matches found
Mageia: Security Advisory (MGASA-2014-0101)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 20 : oath-toolkit-2.4.1-3.fc20 (2014-2875)
This is an update that adds xmlsec1-openssl to requirements. This is an update that fixes CVE-2013-7322. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much ...
Fedora Update for oath-toolkit FEDORA-2014-2875
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mandriva Linux Security Advisory : oath-toolkit (MDVSA-2014:061)
Updated oath-toolkit packages fix security vulnerability : It was found that comments lines starting with a hash in /etc/users.oath could prevent one-time-passwords OTP from being invalidated, leaving the OTP vulnerable to replay attacks CVE-2013-7322. %NASLMINLEVEL 70300 C Tenable Network...
CVE-2013-7322
usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password OTP type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay...
CVE-2013-7322
CVE-2013-7322 affects the OATH Toolkit, specifically the liboath component (usersfile.c). The issue arises when processing an invalid OTP type and a username in /etc/users.oath, causing the wrong line to be updated during OTP invalidation. This can enable context-dependent attackers to perform re...
Fedora 19 : oath-toolkit-2.4.1-1.fc19 (2014-2534)
This is an update that fixes CVE-2013-7322. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...