Re: [OATH-Toolkit-help] libpam-oath vulnerable to replay of OTP as resul
From: Simon Josefsson
Subject: Re: [OATH-Toolkit-help] libpam-oath vulnerable to replay of OTP as result of incorrectly parsing comments in users file?
Date: Wed, 12 Feb 2014 13:37:40 +0100

You wrote:
> On 12/02/14 02:16, Simon Josefsson wrote:
> > I think it looked fine but I haven't fully analyzed it -- any chance
> > someone could come up with a brief description of how to reproduce
> > the problem exactly? Then I could add that recipe as a self-test
> > in the package, apply the fix, and if that silences the self-test,
> > I'm happy.
> I think my first email (9 Dec 11:31 GMT) contains a fairly detailed
> description of how to reproduce this behaviour. Please let me know if
> you need additional info.
Thank you for the pointer! With that I believe I'll be able to
reproduce it and write a self-check for it. The bug is indeed in the
library, not in the PAM module itself. Stay tuned..
/Simon