VulnerableCode Package Details - pkg:deb/debian/oath-toolkit@2.4.1-1?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/oath-toolkit@2.4.1-1?distro=trixie

purl	pkg:deb/debian/oath-toolkit@2.4.1-1?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-wen1-hzgy-1qa2	usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath.	CVE-2013-7322

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:52:52.264525+00:00	Debian Importer	Fixing	VCID-wen1-hzgy-1qa2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T06:36:33.449695+00:00	Debian Importer	Fixing	VCID-wen1-hzgy-1qa2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:48:02.297041+00:00	Debian Importer	Fixing	VCID-wen1-hzgy-1qa2	https://security-tracker.debian.org/tracker/data/json	38.1.0