nongnu OATH Toolkit 1.12.6
Approved changes feed: RSS · Atom
cpe:2.3:a:nongnu:oath_toolkit:1.12.6:*:*:*:*:*:*:*
part: a version: 1.12.6 update: *
| Vendor | Nongnu (2a4ff73f-605f-5ecb-9f22-a9e82e6c3477) |
|---|---|
| Product | Oath Toolkit (aec54abe-baf8-59bf-9dc1-86f079878789) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/oath-toolkit |
purl2cpe | 2026-06-01 10:12:38.211230 |
pkg:deb/ubuntu/oath-toolkit |
purl2cpe | 2026-06-01 10:12:38.211231 |
pkg:github/dimitripapadopoulos/oath-toolkit |
purl2cpe | 2026-06-01 10:12:38.211233 |
pkg:github/malept/oath-toolkit |
purl2cpe | 2026-06-01 10:12:38.211234 |
pkg:github/paulyc/oath-toolkit |
purl2cpe | 2026-06-01 10:12:38.211235 |
pkg:gnu/oath-toolkit |
purl2cpe | 2026-06-01 10:12:38.211237 |
pkg:rpm/fedora/oath-toolkit |
purl2cpe | 2026-06-01 10:12:38.211238 |
pkg:rpm/opensuse/oath-toolkit |
purl2cpe | 2026-06-01 10:12:38.211240 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2013-7322 |
vulnerable | 2026-06-08 05:05:09.761708 |
Details available
usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath.
Published: 2014-03-07T20:00:00.000Z
Updated: 2024-08-06T18:01:20.390Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.