5 matches found
GLSA-202208-11 : Yubico pam-u2f: Local PIN Bypass vulnerability
The remote host is affected by the vulnerability described in GLSA-202208-11 Yubico pam-u2f: Local PIN Bypass vulnerability - Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not...
Fedora: Security Advisory for pam-u2f (FEDORA-2021-724f4733e9)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[ASA-202106-16] pam-u2f: authentication bypass
Arch Linux Security Advisory ASA-202106-16 ========================================== Severity: Medium Date : 2021-06-01 CVE-ID : CVE-2021-31924 Package : pam-u2f Type : authentication bypass Remote : No Link : https://security.archlinux.org/AVG-2001 Summary ======= The package pam-u2f before...
CVE-2021-31924
Affected software: Yubico pam-u2f (PAM module for FIDO2/U2F) prior to version 1.1.1. Root cause: A logic issue in pam-u2f could bypass a PIN requirement when configured to require PIN and the application allows NULL as the PIN; pam-u2f then proceeds with FIDO2 authentication without PIN. This byp...
CVE-2021-31924
Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...