Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:nongnu:oath_toolkit:1.4.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-7322 |
usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath. Published: March 09, 2014; 9:16:56 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.9 MEDIUM |