CVE-2011-4120
Published: Nov 26, 2019
Modified: Aug 7, 2024
PUBLISHED
Description
Yubico PAM Module before 2.10 performed user authentication when the 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent the common authentication process and obtain access to the account in question by providing a NULL value (pressing the Ctrl-D keyboard sequence) as the password string.
| Vendor | Product | Versions |
|---|---|---|
| yubico-pam | yubico-pam | affected before 2.10 |
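
A configuration audit for the condition described above, as an added example that is not part of the CVE record or the Yubico project's code. It assumes the /etc/pam.d/ file format (no service column), the module file name pam_yubico.so, and only the plain `sufficient` keyword (bracketed control values are not evaluated); the function names and the sample file are constructed for illustration.

```python
# Constructed sample of an /etc/pam.d/ service file (not taken from a real host).
SAMPLE_PAM_D = """\
# constructed example
auth  sufficient  pam_yubico.so id=16 authfile=/etc/yubikey_mappings
auth  required    pam_unix.so
auth  sufficient  pam_yubico.so id=16 use_first_pass
-auth sufficient  /lib/security/pam_yubico.so \\
      id=16 debug
auth  required    pam_yubico.so id=16
account required  pam_unix.so
"""

def logical_lines(text):
    """Yield (first_line_number, text) with comments stripped and backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf.strip()
        buf, start = "", None

def risky_yubico_lines(text):
    """Return line numbers where pam_yubico is 'sufficient' for auth without use_first_pass."""
    hits = []
    for n, line in logical_lines(text):
        fields = line.split()
        if len(fields) < 3:
            continue
        # A leading '-' on the type only suppresses logging for a missing module.
        ptype, control, module, args = fields[0].lstrip("-"), fields[1], fields[2], fields[3:]
        if ptype != "auth" or control != "sufficient":
            continue
        if module.rsplit("/", 1)[-1] != "pam_yubico.so":
            continue
        if "use_first_pass" not in args:
            hits.append(n)
    return hits

if __name__ == "__main__":
    for n in risky_yubico_lines(SAMPLE_PAM_D):
        print(f"line {n}: pam_yubico is 'sufficient' without use_first_pass; "
              "confirm yubico-pam is 2.10 or later")
```

A hit only marks the configuration pattern named in the description; whether the host is affected still depends on the installed yubico-pam version.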
References
https://security-tracker.debian.org/tracker/CVE-2011-4120 (x_refsource_MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4120 (x_refsource_MISC)
https://access.redhat.com/security/cve/cve-2011-4120 (x_refsource_MISC)
https://www.openwall.com/lists/oss-security/2011/11/07/6 (x_refsource_MISC)