Filtered by vendor Nongnu
Subscriptions
Filtered by product Oath Toolkit
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47191 | 1 Nongnu | 1 Oath Toolkit | 2024-11-21 | 7.1 High |
| pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. | ||||
| CVE-2013-7322 | 1 Nongnu | 1 Oath Toolkit | 2024-11-21 | N/A |
| usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath. | ||||
Page 1 of 1.