
Find real vulnerabilities before they ship
In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors).
Base Score
8.2| Base Score | 8.2 |
|---|---|
| Vector String | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
| Base Severity | High |
| Version | 3.0 |
| Attack Vector (AV) | NETWORK |