Naive question about a bug that was closed a year ago... Can a user do a similar thing with pam_pgsql when changing her password? For example the operator precedence in pam_sm_chauthtok() line 696 is:
if ((rc = pam_get_pass(pamh, PAM_OLDAUTHTOK, &pass, PASSWORD_PROMPT, options->std_flags)) == PAM_SUCCESS) { which is identical to the buggy operator precedence being performed in the old version of pam_sm_authenticate(). Is it possible for a malicious user to change a victim's password in this way if pam_pgsql is used and the victim walked away without locking their screen? Reid -- <Ctrl+C> might allow to bypass authentication https://bugs.launchpad.net/bugs/242690 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-b...@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs -- universe-bugs mailing list universe-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/universe-bugs