Skip to main content

Pam U2F

3 CVEs product

Monthly

CVE-2021-31924 MEDIUM This Month

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pam U2F Fedora
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2019-12210 HIGH POC PATCH This Week

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Pam U2F
NVD GitHub
CVSS 3.0
8.1
EPSS
1.9%
CVE-2019-12209 HIGH POC PATCH This Week

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Pam U2F
NVD GitHub
CVSS 3.0
7.5
EPSS
2.9%
EPSS 0% CVSS 6.8
MEDIUM This Month

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pam U2F Fedora
NVD
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Pam U2F
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Pam U2F
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy