Mandriva Linux Security Advisory : oath-toolkit (MDVSA-2014:061)
Medium Nessus Plugin ID 73053
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated oath-toolkit packages fix security vulnerability :
It was found that comments (lines starting with a hash) in /etc/users.oath could prevent one-time-passwords (OTP) from being invalidated, leaving the OTP vulnerable to replay attacks (CVE-2013-7322).
SolutionUpdate the affected packages.