Naive question about a bug that was closed a year ago...
Can a user do a similar thing with pam_pgsql when changing her password?
For example the operator precedence in pam_sm_chauthtok() line 696 is:
if ((rc = pam_get_pass(pamh, PAM_OLDAUTHTOK, &pass, PASSWORD_PROMPT,
options->std_flags)) == PAM_SUCCESS) {
which is identical to the buggy operator precedence being performed in
the old version of pam_sm_authenticate(). Is it possible for a
malicious user to change a victim's password in this way if pam_pgsql is
used and the victim walked away without locking their screen?
Reid
--
<Ctrl+C> might allow to bypass authentication
https://bugs.launchpad.net/bugs/242690
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
