Summary: | sys-libs/pam opasswd should be able to use SHA-256 or SHA-512 hashing | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | minor | CC: | gengor, pam-bugs+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=486604 | ||
Whiteboard: | B4 [upstream?] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2009-02-26 11:05:37 UTC
According to Flameeyes, this is not enabled by default. However, it might still increase the risk of information disclosure for people using the feature. No new release from upstream yet, and I'd rather not patch so I'd just keep waiting to see if they release a 1.0.4. I see nothing new from the upstream bug, do we till count this as a security bug? do you have a reference to the upstream bug? This is a hardening issue, not a security issue. |