176 matches found
Advisory ROSA-SA-2024-2456
Software: selinux-policy 3.14.3 OS: ROSA Virtualization 2.1 packageevrstring: selinux-policy-3.14.3 CVE-ID: CVE-2020-24612 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A problem was detected in the selinux-policy package because the .config/Yubico directory is not handled correctly. Consequently, whe...
SUSE CVE-2019-12209
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...
SUSE CVE-2019-12210
In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...
SUSE CVE-2021-31924
Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...
EulerOS Virtualization 2.9.1 : selinux-policy (EulerOS-SA-2022-2366)
According to the versions of the selinux-policy packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the selinux-policy aka Reference Policy package 3.14 through 2020-08-24 because the...
EulerOS Virtualization 2.9.0 : selinux-policy (EulerOS-SA-2022-2402)
According to the versions of the selinux-policy packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the selinux-policy aka Reference Policy package 3.14 through 2020-08-24 because the...
Yubico pam-u2f: Local PIN Bypass vulnerability
Background Yubico pam-u2f is a PAM module for FIDO2 and U2F keys. Description A logic issue in Yubico pam-u2f could result in the bypass of a PIN entry requirement when authenticating with FIDO2. Impact An attacker with local access to certain applications using pam-u2f for authentication could...
GLSA-202208-11 : Yubico pam-u2f: Local PIN Bypass vulnerability
The remote host is affected by the vulnerability described in GLSA-202208-11 Yubico pam-u2f: Local PIN Bypass vulnerability - Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not...
EulerOS 2.0 SP10 : selinux-policy (EulerOS-SA-2022-2171)
According to the versions of the selinux-policy packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the selinux-policy aka Reference Policy package 3.14 through 2020-08-24 because the .config/Yubico directory ...
EulerOS 2.0 SP9 : selinux-policy (EulerOS-SA-2022-1982)
According to the versions of the selinux-policy packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the selinux-policy aka Reference Policy package 3.14 through 2020-08-24 because the .config/Yubico directory ...
EulerOS 2.0 SP9 : selinux-policy (EulerOS-SA-2022-2012)
According to the versions of the selinux-policy packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the selinux-policy aka Reference Policy package 3.14 through 2020-08-24 because the .config/Yubico directory ...
Huawei EulerOS: Security Advisory for selinux-policy (EulerOS-SA-2022-2012)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for pam-u2f (FEDORA-2021-724f4733e9)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for pam-u2f (FEDORA-2021-a52d48b1c2)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 34 Update: pam-u2f-1.2.0-2.fc34
The PAM U2F module provides an easy way to integrate the Yubikey or other U2F-compliant authenticators into your existing user authentication infrastructure...
[SECURITY] Fedora 35 Update: pam-u2f-1.2.0-2.fc35
The PAM U2F module provides an easy way to integrate the Yubikey or other U2F-compliant authenticators into your existing user authentication infrastructure...
Verification Bypass
Yubico is vulnerable to verification bypass. It has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would sti...
[ASA-202106-16] pam-u2f: authentication bypass
Arch Linux Security Advisory ASA-202106-16 ========================================== Severity: Medium Date : 2021-06-01 CVE-ID : CVE-2021-31924 Package : pam-u2f Type : authentication bypass Remote : No Link : https://security.archlinux.org/AVG-2001 Summary ======= The package pam-u2f before...
Unspecified Vulnerability in Nitrokey FIDO U2F
Nitrokey FIDO2 is an open source security key that supports FIDO2 and U2F standards for strong two-factor authentication and passwordless login. A security vulnerability exists in Nitrokey FIDO U2F firmware version 1.1 and prior versions, which stems from the fact that communications between the...
CVE-2021-31924
Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...