Yubico · Yubico Pam Module · CVE-2018-9275
**Name of the Vulnerable Software and Affected Versions**
Yubico PAM module (aka pam yubico) versions 2.18 through 2.25
**Description**
The issue affects the Yubico PAM module, where successful logins can leak file descriptors to the auth mapping file. This can lead to information disclosure, such as the serial number of a device, and/or Denial of Service (DoS) by reaching the maximum number of file descriptors.
**Recommendations**
For Yubico PAM module versions 2.18 through 2.25, update to a version that contains a fix for this issue to prevent information disclosure and potential DoS attacks.