In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4040 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4040-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/               Emilio Pozuelo Monfort     February 03, 2025                             https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : pam-u2f     Version        : 1.1.0-1.1+deb11u1     CVE ID         : CVE-2025-23013

    Matthias Gerstner reported that pam-u2f, a PAM module which allows to     use U2F (Universal 2nd Factor) devices in the PAM authentication stack,     does not properly handle PAM_IGNORE return values, allowing to bypass     the second factor or password-less login without inserting the proper     device.

    For Debian 11 bullseye, this problem has been fixed in version     1.1.0-1.1+deb11u1.

    We recommend that you upgrade your pam-u2f packages.

    For the detailed security status of pam-u2f please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/pam-u2f

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5853 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5853-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     January 29, 2025                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : pam-u2f     CVE ID         : CVE-2025-23013

    Matthias Gerstner reported that pam-u2f, a PAM module which allows to     use U2F (Universal 2nd Factor) devices in the PAM authentication stack,     does not properly handle PAM_IGNORE return values, allowing to bypass     the second factor or password-less login without inserting the proper     device.

    For the stable distribution (bookworm), this problem has been fixed in     version 1.1.0-1.1+deb12u1.

    We recommend that you upgrade your pam-u2f packages.

    For the detailed security status of pam-u2f please refer to its security     tracker page at:
    https://security-tracker.debian.org/tracker/pam-u2f

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-b58b563b77 advisory.

    pam-u2f 1.3.1 includes a fix to resolve CVE-2025-23013 (Partial Authentication Bypass). CVSS score 7.3.
    1.3.2 is a fix for a regression that could impact existing use cases.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-29900cbe83 advisory.

    pam-u2f 1.3.1 includes a fix to resolve CVE-2025-23013 (Partial Authentication Bypass). CVSS score 7.3.
    1.3.2 is a fix for a regression that could impact existing use cases.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202501-04 (Yubico pam-u2f: Partial Authentication Bypass)

    Multiple vulnerabilities have been discovered in Yubico pam-u2f. Please review the CVE identifiers     referenced below for details.

Tenable has extracted the preceding description block directly from the Gentoo Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:0198-1 advisory.

    - CVE-2025-23013: Fixed problematic PAM_IGNORE return values in `pam_sm_authenticate()` (bsc#1233517)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:0200-1 advisory.

    - CVE-2025-23013: Fixed problematic PAM_IGNORE return values in `pam_sm_authenticate()` (bsc#1233517)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:0192-1 advisory.

    - CVE-2025-23013: Fixed problematic PAM_IGNORE return values in `pam_sm_authenticate()` (bsc#1233517)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:0167-1 advisory.

    - CVE-2025-23013: Fixed problematic PAM_IGNORE return values in `pam_sm_authenticate()` (bsc#1233517)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
214949	Debian dla-4040 : libpam-u2f - security update	Nessus	Debian Local Security Checks	high
214792	Debian dsa-5853 : libpam-u2f - security update	Nessus	Debian Local Security Checks	high
214635	Fedora 40 : pam-u2f (2025-b58b563b77)	Nessus	Fedora Local Security Checks	high
214565	Fedora 41 : pam-u2f (2025-29900cbe83)	Nessus	Fedora Local Security Checks	high
214559	GLSA-202501-04 : Yubico pam-u2f: Partial Authentication Bypass	Nessus	Gentoo Local Security Checks	high
214456	SUSE SLES12 Security Update : pam_u2f (SUSE-SU-2025:0198-1)	Nessus	SuSE Local Security Checks	high
214455	SUSE SLES15 Security Update : pam_u2f (SUSE-SU-2025:0200-1)	Nessus	SuSE Local Security Checks	high
214429	SUSE SLES15 Security Update : pam_u2f (SUSE-SU-2025:0192-1)	Nessus	SuSE Local Security Checks	high
214369	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : pam_u2f (SUSE-SU-2025:0167-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2025-23013

high

Tenable Plugins

high

high

high

high

high

high

high

high

high