Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yubico yubico pam vulnerabilities and exploits
(subscribe to this query)
8.2
CVSSv3
CVE-2018-9275
In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 up to and including 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum numbe...
Yubico Yubico Pam
7.5
CVSSv3
CVE-2019-12209
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is ...
Yubico Pam-u2f 1.0.7
8.1
CVSSv3
CVE-2019-12210
In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read fro...
Yubico Pam-u2f 1.0.7
6.8
CVSSv3
CVE-2021-31924
Yubico pam-u2f prior to 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence (touch) or cryptographic signature verification to be bypassed, so an attacker would st...
Yubico Pam-u2f
Fedoraproject Fedora 34
Fedoraproject Fedora 35
6.8
CVSSv3
CVE-2018-20340
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the af...
Yubico Libu2f-host 1.1.6
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2011-4120
Yubico PAM Module prior to 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authent...
Yubico Pam Module
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.7
CVSSv3
CVE-2020-24612
An issue exists in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user's U2F configuration file. If configured wi...
Fedoraproject Selinux-policy
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started