A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM stacks typically run as root, this flaw allows a malicious user to jeopardize an environment.
Metrics
Affected Vendors & Products
References
History
Tue, 08 Oct 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM stacks typically run as root, this flaw allows a malicious user to jeopardize an environment. |
Sat, 05 Oct 2024 01:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | oath-toolkit: Local root exploit in a PAM module | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
MITRE
No data.
Vulnrichment
No data.
NVD
No data.
Redhat