While reading the code at https://github.com/web2py/web2py/blob/master/gluon/contrib/pam.py#L124
I found that we only authenticate without authorization, i.e. without calling pam_acct_mgmt. This means expired accounts and accounts with expired passwords can still log in.
More details: https://codeql.github.com/codeql-query-help/python/py-pam-auth-bypass/
Please let me know if I have missed any key details.
Impact:
Expired accounts and accounts with expired passwords can still log in.
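As an added example (not web2py's code), the transaction sequence the fix needs: pam_authenticate followed by pam_acct_mgmt, with both required to return PAM_SUCCESS. `pam_login`, the `FakePam` stand-in and its account table are constructed for illustration; the status codes are Linux-PAM's, and a real deployment would wrap the ctypes libpam binding in an object with the same two methods.

```python
# Linux-PAM status codes (<security/_pam_types.h>); other PAM
# implementations number these differently.
PAM_SUCCESS, PAM_AUTH_ERR, PAM_USER_UNKNOWN = 0, 7, 10
PAM_NEW_AUTHTOK_REQD = 12   # password expired: pam_chauthtok() required
PAM_ACCT_EXPIRED = 13       # the account itself has expired


def pam_login(pam, user, password, authorize=True):
    """Sequence a PAM login. `pam` is any object exposing
    authenticate(user, password) and acct_mgmt(user), each returning a
    PAM status code (wrap a ctypes libpam binding in such an object).
    authorize=False skips pam_acct_mgmt(), reproducing the reported bypass.
    Returns (access_granted, last_status_code)."""
    rc = pam.authenticate(user, password)          # pam_authenticate()
    if rc != PAM_SUCCESS:
        return False, rc
    if not authorize:
        return True, rc
    rc = pam.acct_mgmt(user)                       # pam_acct_mgmt()
    return rc == PAM_SUCCESS, rc                   # both phases must pass


class FakePam:
    """Constructed in-memory PAM stack (not libpam). Like pam_unix, it
    verifies the password in the 'auth' phase and checks account validity
    only in the 'account' phase, so skipping pam_acct_mgmt() admits stale
    users. `accounts` maps user -> (password, state), state being None,
    "password_expired" or "account_expired"."""

    def __init__(self, accounts):
        self.accounts = accounts

    def authenticate(self, user, password):
        if user not in self.accounts:
            return PAM_USER_UNKNOWN
        return PAM_SUCCESS if self.accounts[user][0] == password else PAM_AUTH_ERR

    def acct_mgmt(self, user):
        state = self.accounts[user][1]
        if state == "account_expired":
            return PAM_ACCT_EXPIRED
        if state == "password_expired":
            return PAM_NEW_AUTHTOK_REQD
        return PAM_SUCCESS


# Constructed sample accounts: healthy, expired password, expired account.
ACCOUNTS = {
    "alice": ("correct horse", None),
    "bob": ("battery staple", "password_expired"),
    "carol": ("xkcd936", "account_expired"),
}
```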