CVE-2013-7322

Published: 09/03/2014 Updated: 29/08/2017
CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8
VMScore: 436
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Vulnerability Summary

usersfile.c in liboath in OATH Toolkit prior to 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent malicious users to conduct replay attacks, as demonstrated by a commented-out line when using libpam-oath.

Vulnerable Product

nongnu oath toolkit 2.0.2

nongnu oath toolkit 2.0.1

nongnu oath toolkit 1.12.0

nongnu oath toolkit 1.10.5

nongnu oath toolkit 1.8.1

nongnu oath toolkit 1.8.0

nongnu oath toolkit 1.4.5

nongnu oath toolkit 1.4.4

nongnu oath toolkit 1.0.1

nongnu oath toolkit 1.0.0

nongnu oath toolkit 2.0.0

nongnu oath toolkit 1.12.6

nongnu oath toolkit 1.10.4

nongnu oath toolkit 1.10.3

nongnu oath toolkit 1.6.4

nongnu oath toolkit 1.6.3

nongnu oath toolkit 1.4.3

nongnu oath toolkit 1.4.2

nongnu oath toolkit 1.12.5

nongnu oath toolkit 1.12.4

nongnu oath toolkit 1.12.3

nongnu oath toolkit 1.10.2

nongnu oath toolkit 1.10.1

nongnu oath toolkit 1.6.2

nongnu oath toolkit 1.6.1

nongnu oath toolkit 1.4.1

nongnu oath toolkit 1.4.0

nongnu oath toolkit 1.2.2

nongnu oath toolkit

nongnu oath toolkit 2.2.0

nongnu oath toolkit 1.12.2

nongnu oath toolkit 1.12.1

nongnu oath toolkit 1.10.0

nongnu oath toolkit 1.8.2

nongnu oath toolkit 1.6.0

nongnu oath toolkit 1.4.6

nongnu oath toolkit 1.2.1

nongnu oath toolkit 1.2.0

Vendor Advisories

Debian Bug report logs - #738515
oath-toolkit: CVE-2013-7322: certain one-time-passwords not invalidated correctly
Package: oath-toolkit
Maintainer for oath-toolkit is OATH Toolkit Team <oath-toolkit-help@nongnu.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 10 Feb 2014 06:06:02 UTC
Severity: ...