Описание
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 0.6.13-1 |
| esm-apps/bionic | not-affected | see notes |
| esm-apps/focal | not-affected | see notes |
| esm-apps/jammy | not-affected | see notes |
| esm-apps/noble | released | 0.6.12-2ubuntu0.24.04.1 |
| esm-apps/xenial | not-affected | see notes |
| focal | not-affected | see notes |
| jammy | not-affected | see notes |
| noble | released | 0.6.12-2ubuntu0.24.04.1 |
| oracular | released | 0.6.12-2ubuntu0.24.10.1 |
Показывать по
EPSS
6.7 Medium
CVSS3
Связанные уязвимости
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass.
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly retu ...
Уязвимость функции pam_sm_authenticate() модуля аутентификации PAM-PKCS#11 операционных систем Linux, позволяющая нарушителю обойти процедуру аутентификации и получить несанкционированный доступ к защищаемой информации
EPSS
6.7 Medium
CVSS3