PT-2020-15765 · Selinux · Selinux-Policy

Published: 2020-08-24 · Updated: 2022-05-11 · CVE-2020-24612

CVSS v3.1: 6.7 (Medium)

Vector: AC:H/AV:L/A:N/C:H/I:H/PR:N/S:U/UI:N
Name of the Vulnerable Software and Affected Versions: selinux-policy versions 3.14 through 2020-08-24
Description: An issue in the selinux-policy package causes the .config/Yubico directory to be mishandled. As a result, when SELinux is in enforcing mode, pam-u2f is not allowed to read the user's U2F configuration file. If pam-u2f is configured with the nouserok option and the file cannot be read, the second factor is disabled, allowing an attacker who knows only the password to log in and bypass 2FA.
Recommendations: For selinux-policy versions 3.14 through 2020-08-24, consider updating the selinux-policy package to a version that properly handles the .config/Yubico directory, so that pam-u2f can read the U2F configuration file and 2FA functions as intended.
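
A quick way to see whether a host has the combination described above is to look for PAM lines that load pam_u2f with nouserok and note the SELinux mode. The script below is an added example, not part of the advisory or of the selinux-policy or pam-u2f projects; the function names and the sample PAM stack are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag PAM lines where pam_u2f is loaded with nouserok.
# Reads PAM configuration text on stdin; prints "lineno: line" per hit.
find_u2f_nouserok() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out lines
        /pam_u2f\.so/ {
            # nouserok must appear as its own whitespace-separated option
            for (i = 1; i <= NF; i++)
                if ($i == "nouserok") { print NR ": " $0; break }
        }'
}

# Constructed sample PAM stack (not taken from any real host).
sample_pam() {
cat <<'EOF'
#%PAM-1.0
auth       substack     system-auth
# auth     required     pam_u2f.so nouserok
auth       required     pam_u2f.so cue nouserok
auth       sufficient   pam_u2f.so cue
account    include      system-auth
EOF
}

# Combine the PAM finding with the SELinux mode: the advisory's bypass
# needs enforcing mode AND nouserok, so both are reported together.
audit_pam_text() {
    hits=$(find_u2f_nouserok)
    if [ -z "$hits" ]; then
        echo "ok: no pam_u2f line uses nouserok"
        return 0
    fi
    # getenforce may be absent on hosts without SELinux tooling.
    mode=$(getenforce 2>/dev/null || echo unknown)
    echo "review: pam_u2f with nouserok (SELinux mode: $mode)"
    echo "$hits"
}

sample_pam | audit_pam_text
```

On a real system, feed the function an actual PAM file, for example `find_u2f_nouserok < /etc/pam.d/sshd` (the path is an assumption; use whichever PAM service files load pam_u2f on your host).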

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-24612
OESA-2022-1646

Affected Products

Selinux-Policy