Bug#698241: NULL password query result permits login with any password

On Sun, 2013-01-20 at 16:47 +0100, Jan Dittberner wrote: > On Sun, Jan 20, 2013 at 03:01:05PM +0100, Julien Cristau wrote: > > On Sat, Jan 19, 2013 at 19:59:43 +0100, Jan Dittberner wrote: > > > > > I have an upload for Squeeze ready and attach the corresponding debdiff to > > > this mail. You can

Bug#698241: NULL password query result permits login with any password

On Sun, Jan 20, 2013 at 03:01:05PM +0100, Julien Cristau wrote: > On Sat, Jan 19, 2013 at 19:59:43 +0100, Jan Dittberner wrote: > > > I have an upload for Squeeze ready and attach the corresponding debdiff to > > this mail. You can also browse the changes in the package's squeeze branch > > [4].

Bug#698241: NULL password query result permits login with any password

On Sat, Jan 19, 2013 at 19:59:43 +0100, Jan Dittberner wrote: > I have an upload for Squeeze ready and attach the corresponding debdiff to > this mail. You can also browse the changes in the package's squeeze branch > [4]. > > [4] > http://anonscm.debian.org/gitweb/?p=collab-maint/pam-pgsql.git

Bug#698241: NULL password query result permits login with any password

On Tue, Jan 15, 2013 at 10:09:39PM +0100, Florian Weimer wrote: > Lucas Clemente Vella discovered that pam-pgsql (aka pam_pgsql) might > allow login with any password the SQL query for the password returns > NULL. > > Bug report: > Patch: >

Bug#698241: NULL password query result permits login with any password

Package: libpam-pgsql Tags: security Lucas Clemente Vella discovered that pam-pgsql (aka pam_pgsql) might allow login with any password the SQL query for the password returns NULL. Bug report: Patch: