CVE-2025-23013
- EPSS 0.05%
- Published 15.01.2025 04:15:20
- Last modified 03.02.2025 10:15:09
In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on m...
CVE-2021-31924
- EPSS 0.09%
- Published 26.05.2021 00:15:08
- Last modified 21.11.2024 06:06:31
Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence (touch) or cryptographic signature verification to be bypas...
CVE-2019-12209
- EPSS 0.63%
- Published 04.06.2019 21:29:00
- Last modified 21.11.2024 04:22:25
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by...
CVE-2019-12210
- EPSS 0.36%
- Published 04.06.2019 21:29:00
- Last modified 21.11.2024 04:22:25
In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the c...