Описание
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass.
A flaw was found in pam_pkcs11. The pam_sm_authenticate function wrongly returns PAM_IGNORE in some communication errors with a smartcard or PKCS#11 token, such as a smartcard being removed or a hardware failure. In some specific PAM configurations, this return code allows the authentication process to continue without valid credentials, effectively granting unauthorized access to the system.
Отчет
To exploit this flaw, an attacker needs to cause a communication failure between the system software and the smartcard hardware. Additionally, this issue is only exploitable if PAM is configured to allow smartcard login without a secondary password requirement. Due to these reasons, this vulnerability has been rated with a moderate severity.
Меры по смягчению последствий
To mitigate this issue, review PAM configurations that include pam_pkcs11. Ensure that the pam_pkcs11.so module is not configured with sufficient or optional in a manner that allows authentication to succeed when pam_pkcs11 returns PAM_IGNORE due to smartcard communication errors. If pam_pkcs11 is not actively used for authentication, consider removing its entry from the relevant PAM configuration files (e.g., /etc/pam.d/system-auth, /etc/pam.d/login). Incorrect modifications to PAM configuration files can lead to system lockout; always back up configuration files before making changes and test thoroughly.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | pam_pkcs11 | Not affected | ||
| Red Hat Enterprise Linux 7 | pam_pkcs11 | Not affected |
Показывать по
Дополнительная информация
Статус:
6.7 Medium
CVSS3
Связанные уязвимости
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass.
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass.
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly retu ...
Уязвимость функции pam_sm_authenticate() модуля аутентификации PAM-PKCS#11 операционных систем Linux, позволяющая нарушителю обойти процедуру аутентификации и получить несанкционированный доступ к защищаемой информации
6.7 Medium
CVSS3