2 matches found
MGASA-2024-0335 Updated oath-toolkit packages fix security vulnerability
pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. CVE-2024-47191...
MGASA-2014-0101 Updated oath-toolkit packages fix security vulnerability
It was found that comments lines starting with a hash in /etc/users.oath could prevent one-time-passwords OTP from being invalidated, leaving the OTP vulnerable to replay attacks CVE-2013-7322...