VYPR
Critical severity9.8NVD Advisory· Published Nov 26, 2019· Updated Jun 16, 2026

CVE-2011-4120

CVE-2011-4120

Description

Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the account in question by providing a NULL value (pressing Ctrl-D keyboard sequence) as the password string.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Yubico/PAM Modulellm-create
    Range: <2.10
  • yubico-pam/yubico-pamv5
    Range: before 2.10

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.