[Bug 242690] Re: <Ctrl+C> might allow to bypass authentication
reidmefirst
reid.launchpad at vendaworld.com
Tue Jul 14 22:24:12 UTC 2009
Naive question about a bug that was closed a year ago...
Can a user do a similar thing with pam_pgsql when changing her password?
For example the operator precedence in pam_sm_chauthtok() line 696 is:
if ((rc = pam_get_pass(pamh, PAM_OLDAUTHTOK, &pass, PASSWORD_PROMPT,
options->std_flags)) == PAM_SUCCESS) {
which is identical to the buggy operator precedence being performed in
the old version of pam_sm_authenticate(). Is it possible for a
malicious user to change a victim's password in this way if pam_pgsql is
used and the victim walked away without locking their screen?
Reid
--
<Ctrl+C> might allow to bypass authentication
https://bugs.launchpad.net/bugs/242690
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list