From daniel.schmidt at wyo.gov  Wed May  1 18:15:44 2024
From: daniel.schmidt at wyo.gov (Daniel Schmidt)
Date: Wed, 1 May 2024 13:15:44 -0500
Subject: [tac_plus] Vulnerability: tac_plus pre auth remote command
 execution
In-Reply-To: <CAOyMAKmLs7v7OGvmhWhSfOVE7WGYVKsujtgdZDwALYWXY5ds+A@mail.gmail.com>
References: <CAOyMAKmLs7v7OGvmhWhSfOVE7WGYVKsujtgdZDwALYWXY5ds+A@mail.gmail.com>
Message-ID: <CAOyMAK=8xgceK0sn8xd=oQziNfy_FB7Y9LTjHp-Q300FjDu3xw@mail.gmail.com>

FWIW: They made a mistake when fixing it:

https://github.com/facebook/tac_plus/issues/46

-- 

E-Mail to and from me, in connection with the transaction 
of public 
business, is subject to the Wyoming Public Records 
Act and may be 
disclosed to third parties.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20240501/359782a0/attachment.htm>