oath-toolkit contains libraries and utilities for managing one-time password (OTP) authentication e.g. as a second factor to password authentication. Its pam_oath.so PAM module performs unsafe operations in directories potentially controlled by unprivileged users, leading to possible privilege escalation.
