VYPR

Oath Toolkit

by Oath Toolkit

Source repositories

CVEs (2)

  • CVE-2024-47191HigOct 9, 2024
    risk 0.39cvss 7.1epss 0.00

    pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.

  • CVE-2013-7322Mar 9, 2014
    risk 0.00cvss epss 0.01

    usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to…