Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Please consider pam_acct_mgmt in pam auth #30

Open
ysf opened this issue Mar 7, 2022 · 0 comments
Open

Please consider pam_acct_mgmt in pam auth #30

ysf opened this issue Mar 7, 2022 · 0 comments

Comments

@ysf
Copy link

ysf commented Mar 7, 2022

Hey there,

I'm currently mining CVEs because of this bug. Since you have it as a comment in your source I mention it here. Not checking pam-handles with pam_acct_mgmt after pam_authenticate allows non authorized accounts to login.

/* TODO: consider pam_acct_mgmt */

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant