checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username. Date published : 2015-02-27 ht