DerScanner
Home / Vulnerability Database / C or C++ : Unsafe function: getlogin
C/C++

C or C++ : Unsafe function: getlogin

Classification

PCI DSS 4.0
6.2.4
CWE
CWE-558

Overview

Calling getlogin function for authentication purposes is unsafe because the returned result can be changed by the attacker in many ways.

References

  1. getlogin(3) - Linux manual page
  2. CWE-558
MEDIUM

DerScanner Severity Score

Do you want to fix C or C++ : Unsafe function: getlogin in your application?

See also

C/C++

C or C++ : Dead store

C/C++

C or C++ : Use after free

C/C++

C or C++ : va_list uninitialized