Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Yubico PAM模块信息泄露漏洞
Vulnerability Description
Yubico PAM module(又名pam_yubico)是一个PAM身份认证模块,它能够将YubiKey集成到现有用户认证基础设施中。 Yubico PAM模块 2.18版本至2.25版本中的util.c文件的check_user_token中存在信息泄露漏洞,该漏洞源于登陆成功可能会导致文件描述符泄露到auth映射文件中。攻击者可利用该漏洞泄露信息(设备序列号)和/或造成拒绝服务(达到文件描述符的最大数量)。
CVSS Information
N/A
Vulnerability Type
N/A