pam_google_authenticator.c in the PAM module in Google...
Low severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Jan 28, 2023
Description
Published by the National Vulnerability Database
Apr 24, 2013
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Jan 28, 2023
pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258.
References