Lucene search
+L

5 matches found

Tenable Nessus
Tenable Nessus
added 2022/08/10 12:0 a.m.35 views

GLSA-202208-11 : Yubico pam-u2f: Local PIN Bypass vulnerability

The remote host is affected by the vulnerability described in GLSA-202208-11 Yubico pam-u2f: Local PIN Bypass vulnerability - Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not...

6.8CVSS6.9AI score0.00333EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2021/12/15 12:0 a.m.10 views

Fedora: Security Advisory for pam-u2f (FEDORA-2021-724f4733e9)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.8CVSS6.8AI score0.00333EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2021/06/01 12:0 a.m.174 views

[ASA-202106-16] pam-u2f: authentication bypass

Arch Linux Security Advisory ASA-202106-16 ========================================== Severity: Medium Date : 2021-06-01 CVE-ID : CVE-2021-31924 Package : pam-u2f Type : authentication bypass Remote : No Link : https://security.archlinux.org/AVG-2001 Summary ======= The package pam-u2f before...

6.8CVSS0.1AI score0.00333EPSS
Exploits0References7
CVE
CVE
added 2021/05/25 11:40 p.m.201 views

CVE-2021-31924

Affected software: Yubico pam-u2f (PAM module for FIDO2/U2F) prior to version 1.1.1. Root cause: A logic issue in pam-u2f could bypass a PIN requirement when configured to require PIN and the application allows NULL as the PIN; pam-u2f then proceeds with FIDO2 authentication without PIN. This byp...

6.8CVSS6.3AI score0.00333EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2021/05/25 11:40 p.m.22 views

CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

6.8CVSS6.8AI score0.00333EPSS
Exploits0
Rows per page
Query Builder