[jboss-jira] [JBoss JIRA] (SECURITY-782) EXTC with timeout not properly detected by loadPassword utility in login modules
Peter Skopek (JIRA)
issues at jboss.org
Wed Jan 8 08:54:32 EST 2014
[ https://issues.jboss.org/browse/SECURITY-782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Peter Skopek updated SECURITY-782:
----------------------------------
Description:
This is a backport of SECURITY-780.
Using cached external command with time out to get user credential in login modules if not properly detected as to call the external command.
Example: {EXTC:1000}/usr/bin/getmysecretpwd
was:
Using cached external command with time out to get user credential in login modules if not properly detected as to call the external command.
Example: {EXTC:1000}/usr/bin/getmysecretpwd
> EXTC with timeout not properly detected by loadPassword utility in login modules
> --------------------------------------------------------------------------------
>
> Key: SECURITY-782
> URL: https://issues.jboss.org/browse/SECURITY-782
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: JBossSX
> Affects Versions: JBossSecurity_2.0.6.Final
> Reporter: Peter Skopek
> Assignee: Peter Skopek
>
> This is a backport of SECURITY-780.
> Using cached external command with time out to get user credential in login modules if not properly detected as to call the external command.
> Example: {EXTC:1000}/usr/bin/getmysecretpwd
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list