Lucene search
+L

4 matches found

Friends Of PHP
Friends Of PHP
added 2026/05/31 9:8 a.m.9 views

Mass-assignment in Factory::loadFromProvisioningUri lets a hostile provisioning URI corrupt OTP state or leak an uncaught TypeError

Summary OTPHP\Factory::loadFromProvisioningUri parses an attacker-supplied otpauth:// URI and forwards every query key to OTP::setParameter$key, $value. setParameter resolves the name with propertyexists$this, $parameter and performs a dynamic write $this-$parameter = $value src/OTP.php:196-197...

5.3AI score
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2025/06/26 12:12 p.m.6 views

oath-toolkit: Local root exploit in a PAM module

A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...

7.1CVSS5.7AI score0.00342EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/05/07 12:48 p.m.9 views

oath-toolkit: Local root exploit in a PAM module

A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...

7.1CVSS5.7AI score0.00342EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/04/28 5:31 a.m.4 views

oath-toolkit: Local root exploit in a PAM module

A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...

7.1CVSS5.7AI score0.00342EPSS
Exploits0References4
Rows per page
Query Builder