Yubico PAM 2.8 (IMPORTANT)


Fredrik Thulin

Aug 26, 2011, 8:44:07 AM
to yubico-devel
A security problem in versions 2.4 - 2.7 of Yubico PAM has been found
and patched by Nanakos Chrysostomos <nan...@wired-net.gr>.

If pam_yubico was configured as 'sufficient' in the PAM configuration
(meaning single factor YubiKey authentication only), and
use_first_pass was NOT used then you could simply press Ctrl+D at the
"Yubikey for `username': " prompt to log in.

At least on Ubuntu 11.04, this did not affect remote logins using SSH
although it did affect `su'.

Get it from

http://code.google.com/p/yubico-pam/downloads/list

or from my PPA (https://launchpad.net/~fredrikt/+archive/yubico) if
you are using Ubuntu.

/Fredrik
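An added example, not part of the original post or of the Yubico PAM project: a small audit that flags the configuration described above (pam_yubico as 'sufficient', or the equivalent bracketed control, without use_first_pass) in a PAM service file. The sample file contents, the `id=16` value and the function names are constructed for illustration, and the /etc/pam.d/ per-service file format is assumed.

```python
import re

# Constructed sample in /etc/pam.d/<service> format (not taken from the post).
SAMPLE = """\
# constructed example of /etc/pam.d/su
auth  sufficient  pam_rootok.so
auth  sufficient  pam_yubico.so id=16 debug
auth  [success=done new_authtok_reqd=done default=ignore] \\
      /lib/security/pam_yubico.so id=16
auth  sufficient  pam_yubico.so id=16 use_first_pass
auth  required    pam_yubico.so id=16
"""

# type, control (simple keyword or [bracketed list]), module path, arguments
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def acts_as_sufficient(control):
    """'sufficient', or the bracket form in which success ends the stack."""
    if control.startswith("["):
        return "success=done" in control[1:-1].split()
    return control == "sufficient"

def risky_yubico_rules(text):
    """Return (line_no, rule) for auth rules matching the announcement's setup:
    pam_yubico is enough on its own and use_first_pass is absent."""
    findings = []
    logical, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not logical:
            start = no                    # first physical line of this rule
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):           # PAM joins lines ending in a backslash
            logical += line[:-1] + " "
            continue
        logical, rule = "", (logical + line).strip()
        m = RULE.match(rule)
        if not m:
            continue
        ptype, control, module, args = m.groups()
        if (ptype == "auth" and module.rsplit("/", 1)[-1] == "pam_yubico.so"
                and acts_as_sufficient(control)
                and "use_first_pass" not in args.split()):
            findings.append((start, " ".join(rule.split())))
    return findings

if __name__ == "__main__":
    for no, rule in risky_yubico_rules(SAMPLE):
        print(f"line {no}: {rule}")
```

A hit only identifies the configuration; whether the problem applies depends on the installed pam_yubico version (2.4 - 2.7 per the announcement).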