Published:2015/02/27 Last Updated:2015/02/27
Information from OHIRA, Shinya
Vulnerability ID:JVN#34790526
Title:checkpw vulnerable to denial-of-service (DoS)
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
Problem: It can not parse username which contains -- (double dash sign) properly.
Impact: Infinite loop. DoS attacks can consume cpu time.