pam-u2f

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Universal 2nd Factor (U2F) PAM authentication module from Yubico
Version 1.0.8-2 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-973 1.0.7-2 1.0.8-2 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2019-12210 AVG-973 Medium No Information disclosure
A file descriptor leak has been found in pam-u2f before 1.8.0. If the `debug` and `debug_file` options are set then the opened debug file will be inherited...
CVE-2019-12209 AVG-973 Medium No Information disclosure
A symbolic link attack has been found in pam-u2f before 1.8.0. The file `$HOME/.config/Yubico/u2f_keys` is blindly followed by the PAM module. It can be a...

Advisories

Date Advisory Group Severity Description
07 Jun 2019 ASA-201906-5 AVG-973 Medium information disclosure