CVE-2011-4120

Name of the Vulnerable Software and Affected Versions Yubico PAM Module versions prior to 2.10

Description The issue allows a remote attacker to bypass the common authentication process by providing a NULL value as the password string, potentially gaining access to an account. This can be achieved by pressing the Ctrl-D keyboard sequence when the use first pass PAM configuration option is not used and the module is configured as 'sufficient' in the PAM configuration.

Recommendations For Yubico PAM Module versions prior to 2.10, update to version 2.10 or later to resolve the issue. As a temporary workaround, consider configuring the use first pass PAM configuration option or changing the module configuration to 'required' to minimize the risk of exploitation.