Permalink
Browse files

Fix big security hole: Authentication succeeded when no password

was given, unless use_first_pass was being used.
This is fatal if pam_yubico is considered 'sufficient' in the PAM
configuration.

Signed-off-by: Nanakos Chrysostomos <nanakos@wired-net.gr>
  • Loading branch information...
1 parent 2bf1a9b commit 4712da70cac159d5ca9579c1e4fac0645b674043 @cnanakos cnanakos committed Aug 26, 2011
Showing with 1 addition and 0 deletions.
  1. +1 −0 pam_yubico.c
View
@@ -747,6 +747,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
if (resp->resp == NULL)
{
DBG (("conv returned NULL passwd?"));
+ retval = PAM_AUTH_ERR;
goto done;
}

0 comments on commit 4712da7

Please sign in to comment.