CVE-2025-23013

Published: 15 Jan 2025
Source: debian
EPSS: Low

Description

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password.

Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| pam-u2f | fixed | 1.3.1-1 | | package |

Notes

  • Fixed by: https://github.com/Yubico/pam-u2f/commit/a96ef17f74b8e4ed80a97322120af1a228a1ffb7 (pam_u2f-1.3.1)

  • Fixed by: https://github.com/Yubico/pam-u2f/commit/08199144d870a63275a4601dbc6751ac68d48301 (pam_u2f-1.3.1)

  • https://www.yubico.com/support/security-advisories/ysa-2025-01/

  • https://www.openwall.com/lists/oss-security/2025/01/15/1

  • Related (authfile) hardening (not part of the CVE):

  • https://github.com/Yubico/pam-u2f/commit/51cea61c89b750cad899eb2d34299d5d41d04090 (pam_u2f-1.3.1)

  • https://github.com/Yubico/pam-u2f/commit/f573707012f92e31172a7b14b6e36f8e93a02478 (pam_u2f-1.3.2)

EPSS

Percentile: 24%
0.00079
Low

Related vulnerabilities

ubuntu
11 months ago

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password.

nvd
11 months ago

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password.

suse-cvrf
10 months ago

Security update for pam_u2f

suse-cvrf
10 months ago

Security update for pam_u2f

suse-cvrf
11 months ago

Security update for pam_u2f
