pam_2fa
2nd factor authentication using PAM (by CERN-CERT)
xzbot
notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) (by amlweems)
| pam_2fa | xzbot | |
|---|---|---|
| 1 | 2 | |
| 33 | 3,464 | |
| - | - | |
| - | 5.2 | |
| over 3 years ago | about 2 months ago | |
| C | Go | |
| GNU General Public License v3.0 or later | - |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pam_2fa
Posts with mentions or reviews of pam_2fa.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-04-01.
xzbot
Posts with mentions or reviews of xzbot.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-04-01.
-
Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
Instead of needing the honeypot openssh.patch at compile-time https://github.com/amlweems/xzbot/blob/main/openssh.patch
How did the exploit do this at runtime?
I know the chain was:
opensshd -> systemd for notifications -> xz included as transient dependency
How did liblzma.so.5.6.1 hook all the way back to openssh_RSA_verify when it was loaded into memory?