- Description
- In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 7.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- cve@mitre.org
- CWE-394
#exploit 1. CVE-2025-0107: Palo Alto Expedition Tool OS Command Injection - https://t.co/zjTJG9qfQb 2. CVE-2025-22710: WP WooCommerce SQLI - https://t.co/rNTF9xwiwu 3. CVE-2025-23013: Yubico PAM Module Authentication Bypass in Certain Configurations - https://t.co/oqrWCTXihb
@ksg93rd
21 Jan 2025
Yubico Addresses Authentication Bypass Vulnerability CVE-2025-23013 in pam-u2f Package https://t.co/We1nQvAQnN
@Dinosn
17 Jan 2025
CVE-2025-23013 In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed t… https://t.co/7lGkrEPp9s
@CVEnew
15 Jan 2025
CVE-2025-23013 Authentication Bypass Leads to Privilege Escalation in Yubico pam-u2f https://t.co/dlnQ2iap9I
@VulmonFeeds
15 Jan 2025