← Back

Pam Module

pam_module

Vendor: Yubico • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2011-4120
2Debian
Yubico
2Debian Linux
Pam Module
Nov 21, 2024
Nov 26, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use...Show more
Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the account in question by providing a NULL value (pressing Ctrl-D keyboard sequence) as the password string.Show less