Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 15 Jan 2013 20:23:06 +0100
From: Florian Weimer <>
Subject: pam-pgsql NULL password handling issue

Lucas Clemente Vella discovered that pam-pgsql (aka pam_pgsql) might
allow login with any password the SQL query for the password returns

Bug report: <>
Patch: <>

As usual, I'm not sure if this constitutes a security bug, but we'll
probably fix this nevertheless if we get the opportunity.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.