Skip to content
Prev Previous commit
Next Next commit
Python: Add @security-severity to py/pam-auth-bypass
The value 8.1 was calculated by our internal tool. This corresponds to a
'High' severity, which from my gut feeling seems reasonable for
authorization bypass.
  • Loading branch information
RasmusWL committed May 11, 2022
commit 044829c3bbbf0bc57ea61c61d44906105989a04f
1 change: 1 addition & 0 deletions python/ql/src/Security/CWE-285/PamAuthorization.ql
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
* @description Not using `pam_acct_mgmt` after `pam_authenticate` to check the validity of a login can lead to authorization bypass.
* @kind problem
* @problem.severity warning
* @security-severity 8.1
* @precision high
* @id py/pam-auth-bypass
* @tags security
Expand Down