Query PR
github/codeql#8775
Language
C/C++
CVE(s) ID list
nvd.nist.gov/vuln/detail/CVE-2022-24755
CWE
CWE-285
Report
This is similar to #561 and #562.
Using a pam_authenticate function call to grant access to a user can cause security issues. A pam_authenticate call only checks if the username and the password match. It does not check if the account is expired. Hence, a user with an expired login or an expired password can still log in.
This PR aims to detect instances where an initiated PAM Transaction calls pam_authenticate but does not call pam_acct_mgmt.
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link
No response
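The pattern the report describes, next to the corrected form, as an added example that is not code from the report or from the query PR. So that it runs without libpam, pam_handle_t and both PAM functions here are simplified stand-ins, and the user and password are constructed sample values.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for libpam so the example runs offline. Real code includes
 * <security/pam_appl.h>, links with -lpam and gets the handle from pam_start(). */
enum { PAM_SUCCESS = 0, PAM_AUTH_ERR = 7, PAM_ACCT_EXPIRED = 13 };
typedef struct {
    const char *user, *supplied, *stored;  /* constructed credentials */
    int expired;                           /* 1 = account has expired */
} pam_handle_t;

/* Simulated auth step: only compares the password, as the report describes. */
static int pam_authenticate(pam_handle_t *h, int flags) {
    (void)flags;
    return strcmp(h->supplied, h->stored) == 0 ? PAM_SUCCESS : PAM_AUTH_ERR;
}

/* Simulated account step: this is where expiry is evaluated. */
static int pam_acct_mgmt(pam_handle_t *h, int flags) {
    (void)flags;
    return h->expired ? PAM_ACCT_EXPIRED : PAM_SUCCESS;
}

/* Pattern the query looks for: access decided by pam_authenticate alone. */
int login_vulnerable(pam_handle_t *h) {
    return pam_authenticate(h, 0) == PAM_SUCCESS;
}

/* Corrected pattern: both calls must succeed before access is granted. */
int login_checked(pam_handle_t *h) {
    if (pam_authenticate(h, 0) != PAM_SUCCESS)
        return 0;
    return pam_acct_mgmt(h, 0) == PAM_SUCCESS;
}

/* Constructed case: correct password, expired account. */
int expired_user_result(int use_checked) {
    pam_handle_t h = { "alice", "s3cret", "s3cret", 1 };
    return use_checked ? login_checked(&h) : login_vulnerable(&h);
}

int main(void) {
    printf("pam_authenticate only: %s\n", expired_user_result(0) ? "granted" : "denied");
    printf("with pam_acct_mgmt:    %s\n", expired_user_result(1) ? "granted" : "denied");
    return 0;
}
```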