Description
usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines in /etc/users.oath that carry an invalid one-time-password (OTP) type together with a user name (for example an entry that has been commented out, as demonstrated with libpam-oath). When a successfully used OTP is invalidated, the last-used value is written to the wrong line, so the user's live entry is left unchanged and the same OTP is accepted again, allowing context-dependent attackers to conduct replay attacks. Fixed in OATH Toolkit 2.4.1.
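The following is an added illustration of the bug class described above, written for this entry; it is not OATH Toolkit code and does not reproduce the real usersfile.c logic. It models a simplified users.oath-like record format (an assumption: the real file has more fields), an update routine that matches the user name before checking the OTP type and therefore records the used OTP on a commented-out line, and the corrected routine that skips invalid-type lines first. The sample file content and the OTP value are constructed.

```python
"""Model of the wrong-line update behind this advisory (added example,
not project code).

Assumed simplified record format, one record per line:
    <type> <user> <pin> <hex-secret> <last-used-otp>
<type> is "HOTP" or "HOTP/T30"; any other first token, including a
'#'-prefixed comment, is an invalid OTP type.  The OTP is treated as an
opaque string; real code would verify it against the secret first.
"""

VALID_TYPES = ("HOTP", "HOTP/T30")

# Constructed sample: alice's old, commented-out entry precedes her live one.
SAMPLE = """HOTP bob - 3132333435363738393031323334353637383930 -
#HOTP/T30 alice - 3132333435363738393031323334353637383930 -
HOTP/T30 alice - 3132333435363738393031323334353637383930 -
"""


def find_record(text, user):
    """Return the fields of the user's first line with a valid OTP type."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] in VALID_TYPES and f[1] == user:
            return f
    return None


def update_buggy(text, user, otp):
    """Bug: the user name is compared before the OTP type is validated, so
    the first line naming the user, even a commented-out one, receives the
    last-used OTP and the live entry is never updated."""
    out, done = [], False
    for line in text.splitlines():
        f = line.split()
        if not done and len(f) == 5 and f[1] == user:
            f[4] = otp
            line = " ".join(f)
            done = True
        out.append(line)
    return "\n".join(out) + "\n"


def update_fixed(text, user, otp):
    """Fix: lines with an invalid OTP type are skipped before the user
    name is compared, so the write lands on the live entry."""
    out, done = [], False
    for line in text.splitlines():
        f = line.split()
        if not done and len(f) == 5 and f[0] in VALID_TYPES and f[1] == user:
            f[4] = otp
            line = " ".join(f)
            done = True
        out.append(line)
    return "\n".join(out) + "\n"


def authenticate(text, user, otp, update):
    """Reject an OTP equal to the recorded last-used value; on success
    return the updated file content that is supposed to invalidate it."""
    rec = find_record(text, user)
    if rec is None or rec[4] == otp:
        return False, text
    return True, update(text, user, otp)


def replay_succeeds(update):
    """Authenticate twice with the same OTP; True means the replay was
    accepted.  "755224" is the RFC 4226 counter-0 test value for the
    sample secret, used here only as an opaque string."""
    ok1, state = authenticate(SAMPLE, "alice", "755224", update)
    ok2, _ = authenticate(state, "alice", "755224", update)
    return ok1 and ok2


if __name__ == "__main__":
    print("buggy update allows replay:", replay_succeeds(update_buggy))
    print("fixed update allows replay:", replay_succeeds(update_fixed))
```

With the buggy updater the commented-out line absorbs the write and the second authentication with the same OTP succeeds; with the fixed updater the live record's last-used field changes and the replay is rejected. The practical check for a deployment is that any line in /etc/users.oath with an unrecognised type is ignored entirely, including for write-back, not merely for parsing.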
References (6)
Mailing list (x_refsource_mlist): http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00003.html
Vendor confirmation (x_refsource_confirm): http://www.nongnu.org/oath-toolkit/NEWS.html
Mailing list, oss-sec (x_refsource_mlist): http://seclists.org/oss-sec/2014/q1/296
Mailing list (x_refsource_mlist): http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html
Third Party Advisory, VDB Entry (x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/91316
Mailing list (x_refsource_mlist): http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00002.html
Scores
EPSS: 0.0088 (percentile 54.5%)
Details
CWE: CWE-287 (Improper Authentication)
Status
published
Products (38)
nongnu/oath_toolkit: 1.0.0, 1.0.1, 1.2.0, 1.2.1, 1.2.2, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, ... and 28 more
Published
Mar 09, 2014
Tracked Since
Feb 18, 2026