Security
Security
A vulnerability has been discovered in Yubico pam-u2f, which can lead to a partial authentication bypass.
| Package | sys-auth/pam_u2f on all architectures |
|---|---|
| Affected versions | < 1.3.2 |
| Unaffected versions | >= 1.3.2 |
Yubico pam-u2f is a PAM module for FIDO2 and U2F keys.
Multiple vulnerabilities have been discovered in Yubico pam-u2f. Please review the CVE identifiers referenced below for details.
Depending on specific settings and usage scenarios the result of the pam-u2f module may be altered or ignored.
There is no known workaround at this time.
All Yubico pam-u2f users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-auth/pam_u2f-1.3.2"
Release date
January 23, 2025
Latest revision
January 23, 2025: 1
Severity
high
Exploitable
local
Bugzilla entries