Advisories ยป MGASA-2014-0101

Updated oath-toolkit packages fix security vulnerability

Publication date: 25 Feb 2014
Modification date: 25 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-7322

Description

It was found that comments (lines starting with a hash) in /etc/users.oath
could prevent one-time-passwords (OTP) from being invalidated, leaving the OTP
vulnerable to replay attacks (CVE-2013-7322).
                

References

SRPMS

3/core

4/core