gobby / libinfinity

libinfinity collaborative editing library
GNU Lesser General Public License v2.1

Please consider pam_acct_mgmt in pam auth #30

Open ysf opened 2 years ago

ysf commented 2 years ago

Hey there,

I'm currently mining CVEs because of this bug. Since you have it as a comment in your source, I mention it here. Not checking pam-handles with pam_acct_mgmt after pam_authenticate allows non-authorized accounts to log in.

https://github.com/gobby/libinfinity/blob/00b0c5caceaaadd9477cd64cc48ebd0170a719b1/infinoted/infinoted-pam.c#L286
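
The difference the issue describes, as an added example that is not part of the original report and not libinfinity's code. So that it runs without a PAM stack, `demo_authenticate` and `demo_acct_mgmt` are hypothetical stand-ins for `pam_authenticate` and `pam_acct_mgmt`, and the accounts are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* PAM_SUCCESS is 0 in <security/pam_appl.h>; any other code is a refusal. */
#ifndef PAM_SUCCESS
#define PAM_SUCCESS 0
#endif
#define DEMO_REFUSED 1 /* constructed stand-in for any non-success PAM code */

/* Constructed sample accounts standing in for a PAM stack (hypothetical). */
struct demo_account { const char *user, *password; int expired; };
static const struct demo_account demo_accounts[] = {
    { "alice", "correct-horse", 0 }, /* active account */
    { "bob",   "hunter2",       1 }, /* valid password, account expired */
};

static const struct demo_account *demo_find(const char *user) {
    for (size_t i = 0; i < sizeof demo_accounts / sizeof *demo_accounts; i++)
        if (strcmp(demo_accounts[i].user, user) == 0) return &demo_accounts[i];
    return NULL;
}

/* Stand-in for pam_authenticate(): answers only "are the credentials right?" */
static int demo_authenticate(const char *user, const char *password) {
    const struct demo_account *a = demo_find(user);
    return (a && strcmp(a->password, password) == 0) ? PAM_SUCCESS : DEMO_REFUSED;
}

/* Stand-in for pam_acct_mgmt(): "may this account log in right now?" */
static int demo_acct_mgmt(const char *user) {
    const struct demo_account *a = demo_find(user);
    return (a && !a->expired) ? PAM_SUCCESS : DEMO_REFUSED;
}

/* Pattern described in the issue: the authentication result alone decides. */
int login_auth_only(const char *user, const char *password) {
    return demo_authenticate(user, password) == PAM_SUCCESS;
}

/* Corrected pattern: both steps must succeed before the login is accepted. */
int login_with_acct_check(const char *user, const char *password) {
    if (demo_authenticate(user, password) != PAM_SUCCESS) return 0;
    if (demo_acct_mgmt(user) != PAM_SUCCESS) return 0;
    return 1;
}

int main(void) {
    printf("auth only:  bob -> %d\n", login_auth_only("bob", "hunter2"));
    printf("with check: bob -> %d\n", login_with_acct_check("bob", "hunter2"));
    return 0;
}
```
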