PT-2018-18953 · Yubico · Yubico Pam Module

Marc-Sensenich

Published

2018-04-04

Updated

2024-06-15

CVE-2018-9275

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions Yubico PAM module (aka pam yubico) versions 2.18 through 2.25

Description The issue affects the Yubico PAM module, where successful logins can leak file descriptors to the auth mapping file. This can lead to information disclosure, such as the serial number of a device, and/or Denial of Service (DoS) by reaching the maximum number of file descriptors.

Recommendations For Yubico PAM module versions 2.18 through 2.25, update to a version that contains a fix for this issue to prevent information disclosure and potential DoS attacks.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-9275

OPENSUSE-SU-2024:11146-1

Affected Products

Yubico Pam Module

PT-2018-18953 · Yubico · Yubico Pam Module

CVE-2018-9275

Weakness Enumeration

Related Identifiers

Affected Products

References · 12