Skip to main content

Linux-PAM CVE-2026-54411

| EUVDEUVD-2026-36662 MEDIUM
Observable Timing Discrepancy (CWE-208)
2026-06-14 TuranSec GHSA-56gg-22rq-q53x
6.9
CVSS 4.0 · Vendor: TuranSec
Share

Severity by source

Vendor (TuranSec) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:D/RE:X/U:X
vuln.today AI
5.9 MEDIUM

AV:N reflects that pam_userdb-consuming services (SSH, FTP) are commonly network-exposed; AC:H captures both timing attack measurement complexity and the non-default crypt=none configuration prerequisite; C:H reflects full plaintext credential disclosure.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
SUSE
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Red Hat
4.8 MEDIUM
qualitative

Primary rating from Vendor (TuranSec).

CVSS VectorVendor: TuranSec

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:D/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 14, 2026 - 17:43 vuln.today
CVE Published
Jun 14, 2026 - 17:21 cve.org
MEDIUM 6.9

DescriptionCVE.org

Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.

AnalysisAI

Timing side-channel in Linux-PAM's pam_userdb module through version 1.7.2 allows plaintext password recovery by any attacker capable of repeatedly submitting authentication attempts to a service backed by the vulnerable configuration. The module's use of length-prefixed strncmp() (or strncasecmp() with PAM_ICASE_ARG) on plaintext credentials leaks both password length and individual prefix bytes via measurable response-time differences, enabling iterative character-by-character reconstruction of the stored password. Proof-of-concept exploit methodology exists per CVSS 4.0 supplemental metadata (E:P); while no CISA KEV listing was found, the high confidentiality impact (VC:H) and credential-disclosure nature make this a meaningful risk for any deployment relying on pam_userdb in plaintext mode.

Technical ContextAI

Linux-PAM (cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*) is the Pluggable Authentication Modules framework on Linux. The pam_userdb module stores and verifies credentials from a Berkeley DB flat-file database. The vulnerable path is in modules/pam_userdb/pam_userdb.c at approximately line 327, where the module performs a two-stage comparison: first a length equality check, then a byte-by-byte strncmp() (or strncasecmp() when PAM_ICASE_ARG is set, referencing libpam/include/pam_inline.h). This constitutes CWE-208 (Observable Timing Discrepancy): the length check short-circuits immediately on mismatch - leaking password length - and strncmp exits at the first differing byte - leaking prefix content. The vulnerable path is reached only when an administrator configures the module with crypt=none, supplies an unrecognized crypt= value, or omits the crypt= argument entirely, causing credentials to be stored and compared in plaintext rather than via a hash. Systems using any recognized cryptographic method (e.g., SHA512, md5) do not enter this code path.

RemediationAI

No vendor-released patch identified at time of analysis - the references point to the upstream source repository (https://github.com/linux-pam/linux-pam) without identifying a tagged fix release or patched version number. The primary and most effective mitigation is to reconfigure pam_userdb to use a supported cryptographic hash (e.g., crypt=SHA512) for password storage, which eliminates the plaintext comparison path entirely; this requires regenerating the Berkeley DB credential database and a brief service restart. If reconfiguration is not immediately feasible, restrict network or local access to the authentication service consuming pam_userdb to only trusted principals via firewall rules or network segmentation, directly reducing the pool of potential timing oracle requestors. Rate-limiting authentication attempts at the service layer (e.g., via fail2ban or per-account lockout thresholds) significantly raises the cost and time required for a successful timing attack, though it does not eliminate the vulnerability. Migrating to an alternative PAM credential module (e.g., pam_unix with shadow passwords, which uses constant-time comparison) is a longer-term architectural remedy. Monitor https://github.com/linux-pam/linux-pam for a patched release addressing this timing path.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SLES15-SP5-CHOST-BYOS-SAP-CCloud Affected
SLES15-SP6-CHOST-BYOS Affected
SLES15-SP6-CHOST-BYOS-Aliyun Affected
SLES15-SP6-CHOST-BYOS-Azure Affected
SLES15-SP6-CHOST-BYOS-EC2 Affected

Share

CVE-2026-54411 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy