pam-u2f

Description: Universal 2nd Factor (U2F) PAM authentication module from Yubico
Version: 1.2.0-1 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2001 | 1.1.0-1 | 1.1.1-1 | Medium | Fixed | |
| AVG-973 | 1.0.7-2 | 1.0.8-2 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-31924 | AVG-2001 | Medium | No | Authentication bypass | Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This... |
| CVE-2019-12210 | AVG-973 | Medium | No | Information disclosure | A file descriptor leak has been found in pam-u2f before 1.8.0. If the `debug` and `debug_file` options are set then the opened debug file will be inherited... |
| CVE-2019-12209 | AVG-973 | Medium | No | Information disclosure | A symbolic link attack has been found in pam-u2f before 1.8.0. The file `$HOME/.config/Yubico/u2f_keys` is blindly followed by the PAM module. It can be a... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 01 Jun 2021 | ASA-202106-16 | AVG-2001 | Medium | authentication bypass |
| 07 Jun 2019 | ASA-201906-5 | AVG-973 | Medium | information disclosure |