Home page logo

oss-sec logo oss-sec mailing list archives

pam-pgsql NULL password handling issue
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 15 Jan 2013 20:23:06 +0100

Lucas Clemente Vella discovered that pam-pgsql (aka pam_pgsql) might
allow login with any password the SQL query for the password returns

Bug report: <https://sourceforge.net/p/pam-pgsql/bugs/13/>
Patch: <https://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/>

As usual, I'm not sure if this constitutes a security bug, but we'll
probably fix this nevertheless if we get the opportunity.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]