Published:2015/02/27  Last Updated:2015/02/27

Information from OHIRA, Shinya

Vulnerability ID:JVN#34790526
Title:checkpw vulnerable to denial-of-service (DoS)
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

Problem: It can not parse username which contains -- (double dash sign) properly.
Impact: Infinite loop. DoS attacks can consume cpu time.