Critical severity 9.8 · NVD Advisory · Published Nov 26, 2019 · Updated Jun 16, 2026
CVE-2011-4120
Description
Yubico PAM Module before 2.10 performed user authentication when the 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent the common authentication process and obtain access to the account in question by providing a NULL value (pressing the Ctrl-D keyboard sequence) as the password string.
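A configuration audit for the condition described above, as an added example that is not part of the advisory or the Yubico project's code. It assumes the `/etc/pam.d/` line format (`type control module args`) and the module file name `pam_yubico.so`; the sample configuration is constructed.

```python
MODULE = "pam_yubico.so"  # assumed module file name of the Yubico PAM Module


def find_exposed_lines(pam_text):
    """Return (line_no, line) for every auth entry that matches the
    CVE-2011-4120 condition: pam_yubico used as 'sufficient' without
    the 'use_first_pass' option. Relevant for versions before 2.10."""
    findings = []
    for line_no, raw in enumerate(pam_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        fields = line.split()
        if len(fields) < 3:
            continue
        # A leading '-' on the type only silences missing-module logging.
        ptype, control, module = fields[0].lstrip("-"), fields[1], fields[2]
        args = fields[3:]
        if ptype != "auth":
            continue
        # Accept both bare names and absolute module paths.
        if module.rsplit("/", 1)[-1] != MODULE:
            continue
        # Bracketed controls ([success=1 ...]) never equal 'sufficient'
        # and are outside the condition the advisory describes.
        if control == "sufficient" and "use_first_pass" not in args:
            findings.append((line_no, raw.strip()))
    return findings


# Constructed sample of an /etc/pam.d service file.
SAMPLE = """\
# constructed sample, not taken from a real host
auth sufficient pam_yubico.so id=1 debug
auth required pam_unix.so
auth sufficient /lib/security/pam_yubico.so id=1 use_first_pass
auth required pam_yubico.so id=1
account required pam_unix.so
"""

if __name__ == "__main__":
    for line_no, text in find_exposed_lines(SAMPLE):
        print(f"line {line_no}: sufficient without use_first_pass: {text}")
```

A finding indicates exposure only when the installed module is older than 2.10, so pair the result with a package version check.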
Affected products
- Range: <2.10
- yubico-pam/yubico-pam (v5) Range: before 2.10
References
- bugzilla.redhat.com/show_bug.cgi (nvd; Issue Tracking, Patch, Third Party Advisory)
- access.redhat.com/security/cve/cve-2011-4120 (nvd; Broken Link, Third Party Advisory)
- security-tracker.debian.org/tracker/CVE-2011-4120 (nvd; Third Party Advisory)
- www.openwall.com/lists/oss-security/2011/11/07/6 (nvd; Mailing List, Third Party Advisory)