pam-u2f
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Universal 2nd Factor (U2F) PAM authentication module from Yubico |
| Version | 1.3.0-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2001 | 1.1.0-1 | 1.1.1-1 | Medium | Fixed | |
| AVG-973 | 1.0.7-2 | 1.0.8-2 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-31924 | AVG-2001 | Medium | No | Authentication bypass | Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This... |
| CVE-2019-12210 | AVG-973 | Medium | No | Information disclosure | A file descriptor leak has been found in pam-u2f before 1.8.0. If the `debug` and `debug_file` options are set then the opened debug file will be inherited... |
| CVE-2019-12209 | AVG-973 | Medium | No | Information disclosure | A symbolic link attack has been found in pam-u2f before 1.8.0. The file `$HOME/.config/Yubico/u2f_keys` is blindly followed by the PAM module. It can be a... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 01 Jun 2021 | ASA-202106-16 | AVG-2001 | Medium | authentication bypass |
| 07 Jun 2019 | ASA-201906-5 | AVG-973 | Medium | information disclosure |