Package: libdynalogin-1-0
Version: 0.9.14-1
Severity: serious

In some circumstances, the algorithm fails to authenticate a valid user
presenting a valid code.

This appears to be occurring because the expected behavior of the
oath_strcmp function is not identical to regular strcmp; negative return
values are being handled as errors.

There is no security risk or risk of giving access when a user should
not have access.

The solution involves testing the strcmp return value and is a minor
change (~2 lines).


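An added illustration of the failure mode the report describes, not code from dynalogin or liboath: a hypothetical look-ahead validator (`validate_window`) whose comparison callback must return 0 on match, a positive value on mismatch and a negative value on error. The callback names, the validator and the sample codes are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Contract assumed from the report: 0 = match, >0 = mismatch, <0 = error. */
typedef int (*otp_cmp_fn)(const void *handle, const char *candidate);

/* Buggy: passes the raw strcmp() result through, so "less than" looks like an error. */
static int cmp_raw(const void *handle, const char *candidate)
{
    return strcmp((const char *)handle, candidate);
}

/* Fixed: test the strcmp() result and report only match (0) or mismatch (1). */
static int cmp_normalized(const void *handle, const char *candidate)
{
    return strcmp((const char *)handle, candidate) != 0;
}

/* Hypothetical window search: returns the index of the matching candidate,
   -1 if nothing in the window matched, -2 if the callback signalled an error. */
static int validate_window(const char *const *window, size_t n,
                           otp_cmp_fn cmp, const void *submitted)
{
    for (size_t i = 0; i < n; i++) {
        int rc = cmp(submitted, window[i]);
        if (rc < 0)
            return -2;          /* search aborted before later candidates are tried */
        if (rc == 0)
            return (int)i;
    }
    return -1;
}

/* Constructed sample codes standing in for the expected OTPs in the window. */
static const char *const WINDOW[] = { "287082", "755224", "359152" };

int main(void)
{
    /* "359152" is valid (index 2) but sorts below "755224", so cmp_raw aborts. */
    printf("raw:        %d\n", validate_window(WINDOW, 3, cmp_raw, "359152"));
    printf("normalized: %d\n", validate_window(WINDOW, 3, cmp_normalized, "359152"));
    return 0;
}
```

Whether the raw callback fails depends on how the submitted code sorts against the candidates tried before it, which matches the "in some circumstances" behaviour in the report; a wrong code is rejected under both callbacks.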