The open-source project for secure communications technology, known as OpenSSH, plugged a second security hole on Tuesday that affects only users who have turned off a critical security feature.. . .

The open-source project for secure communications technology, known as OpenSSH, plugged a second security hole on Tuesday that affects only users who have turned off a critical security feature.

The flaw appears in an open-source implementation of the Pluggable Authentication Modules (PAMs), a technology adopted by Sun Solaris, Linux and BSD systems to let system administrators easily change the way users log into computers. The default login procedure could be changed to a smart-card-based procedure using a PAM, for example.

The project started using open-source versions of the new PAM functions in the latest release of OpenSSH. However, as with a flaw found last week, the current vulnerability affects only versions of OpenSSH that have a security technology known as privilege separation turned off.

The link for this article located at ZDNet is no longer available.