|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA10612] mod_auth_shadow Account Expiry Date Not Enforced
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Tue Jan 13 2004 - 08:37:15 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
mod_auth_shadow Account Expiry Date Not Enforced
SECUNIA ADVISORY ID:
SA10612
VERIFY ADVISORY:
http://www.secunia.com/advisories/10612/
CRITICAL:
Not critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
mod_auth_shadow
DESCRIPTION:
David B. Harris has identified a problem in mod_auth_shadow, allowing
malicious people to log in using expired accounts.
The problem is that mod_auth_shadow doesn't enforce the expiry date
on accounts.
Version 1.3 and possibly prior are affected.
SOLUTION:
Update to version 1.4.
http://sourceforge.net/project/showfiles.php?group_id=11283&package_id=10508
PROVIDED AND/OR DISCOVERED BY:
David B. Harris
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://www.secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]