2019-11-26 04:17:52
redhat
PUBLISHED
Yubico PAM Module before 2.10 performed user authentication when use_first_pass PAM configuration option was not used and the module was configured as sufficient in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the account in question by providing a NULL value (pressing Ctrl-D keyboard sequence) as the password string.