Package: libapache2-mod-auth-pam
Version: 1.1.1-4.1
Severity: normal
Tags: security

If a user does not have access to a location/directory due to a require user directive that excludes them, and their password is correctly given, Apache returns an auth failure immediately instead of respecting the AuthPAM_FailDelay directive. An excluded/unauthorized user should be treated the same as a nonexistent user, or a bad password for a valid/authorized user.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-k7
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)

Versions of packages libapache2-mod-auth-pam depends on:
ii  apache2-common  2.0.52-3      Next generation, scalable, extenda
ii  libc6           2.3.2.ds1-20  GNU C Library: Shared libraries an
ii  libpam0g        0.76-22       Pluggable Authentication Modules l

-- no debconf information
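The behaviour described in the report, next to the uniform handling it asks for, as an added example that is not part of the original report and is not mod_auth_pam source. It models the delay as a returned value instead of sleeping; the account table, the `require user alice` rule, the 2-second delay and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the request flow; not code from mod_auth_pam. */
enum { AUTH_OK = 200, AUTH_DENIED = 401 };
#define FAIL_DELAY_USEC 2000000L  /* stand-in for the AuthPAM_FailDelay setting */

struct account { const char *user, *password; };
static const struct account accounts[] = {      /* constructed sample data */
    { "alice", "alice-pw" }, { "bob", "bob-pw" },
};
static const char *required_user = "alice";     /* models "require user alice" */

struct result { int status; long delay_usec; };

static int password_ok(const char *user, const char *pw) {
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strcmp(accounts[i].user, user) == 0)
            return strcmp(accounts[i].password, pw) == 0;
    return 0;  /* unknown user */
}

/* Reported behaviour: only the authentication failure is delayed. */
struct result handle_reported(const char *user, const char *pw) {
    if (!password_ok(user, pw))
        return (struct result){ AUTH_DENIED, FAIL_DELAY_USEC };
    if (strcmp(user, required_user) != 0)        /* excluded by "require user" */
        return (struct result){ AUTH_DENIED, 0 }; /* immediate: differs from other failures */
    return (struct result){ AUTH_OK, 0 };
}

/* Requested behaviour: every denial takes one path with one delay. */
struct result handle_uniform(const char *user, const char *pw) {
    int authenticated = password_ok(user, pw);
    int authorized = strcmp(user, required_user) == 0;
    if (authenticated && authorized)
        return (struct result){ AUTH_OK, 0 };
    return (struct result){ AUTH_DENIED, FAIL_DELAY_USEC };
}

int main(void) {
    const char *cases[][2] = { { "alice", "alice-pw" }, { "alice", "wrong" },
                               { "bob", "bob-pw" }, { "mallory", "x" } };
    for (size_t i = 0; i < 4; i++) {
        struct result a = handle_reported(cases[i][0], cases[i][1]);
        struct result b = handle_uniform(cases[i][0], cases[i][1]);
        printf("%-8s reported: %d after %ldus   uniform: %d after %ldus\n",
               cases[i][0], a.status, a.delay_usec, b.status, b.delay_usec);
    }
    return 0;
}
```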