#VU106019 Improper authentication in pam_pkcs11 - CVE-2025-24032
Published: March 25, 2025
Vulnerability identifier: #VU106019
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-24032
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
pam_pkcs11
pam_pkcs11
Software vendor:
OpenSC
OpenSC
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the default cert_policy value is set to "none". A remote attacker can forge a token and bypass authentication process.
Remediation
Install updates from vendor's website.
External links
- https://github.com/OpenSC/pam_pkcs11/commit/470263258d1ac59c5eade439c4d9caba0097e6e6
- https://github.com/OpenSC/pam_pkcs11/commit/b665b287ff955bbbd9539252ff9f9e2754c3fb48
- https://github.com/OpenSC/pam_pkcs11/commit/d9530167966a77115db6e885d459382a2e52ee9e
- https://github.com/OpenSC/pam_pkcs11/releases/tag/pam_pkcs11-0.6.13
- https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-8r8p-7mgp-vf56
- https://lists.debian.org/debian-lts-announce/2025/02/msg00021.html