Medium severity (5.9) · NVD Advisory · Published Jun 14, 2026

CVE-2026-54411


Description

Linux-PAM 1.7.2 and earlier pam_userdb module leaks plaintext passwords via timing differences in strncmp-based comparison.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In the Linux-PAM pam_userdb module (version 1.7.2 and earlier), the plaintext password comparison path in modules/pam_userdb/pam_userdb.c uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) after a length-equality check [2]. This creates an observable timing discrepancy (CWE-208) [1] because the time to reject a candidate depends on the index of the first differing byte and on whether the candidate length matches the stored password. The vulnerable code path is activated when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.

Exploitation

An attacker who is local or network-adjacent to a service using the vulnerable pam_userdb configuration can repeatedly submit authentication attempts with crafted password candidates. By measuring response-time variations (e.g., using precise local timers or network latency analysis), the attacker can first determine the length of the target account's password by observing timing differences between candidates of different lengths. Then, for each character position, the attacker can iteratively guess the byte that causes the earliest timing difference, recovering the password prefix one byte at a time. No prior authentication or special privileges are required beyond the ability to initiate authentication to the vulnerable service.

Impact

Successful exploitation allows the attacker to recover the full plaintext password of a target account. This enables complete account takeover for the affected service, with the same privileges as the legitimate user. The confidentiality of the stored password is fully compromised; integrity and availability of other accounts may be affected if passwords are reused.

Mitigation

As of the publication date (2026-06-14), no patched version of Linux-PAM has been released. Administrators should avoid configuring pam_userdb with crypt=none or without a crypt= argument; instead, use a recognized crypt method (such as crypt=sha512) so that password hashes rather than plaintext are stored and compared. Workarounds include disabling the pam_userdb module entirely or replacing it with a crypt-based PAM module. Upgrade to a future version once a fix is published. The vendor has not yet announced a specific fix version in the available references.

AI Insight generated on Jun 14, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"Observable timing discrepancy in the plaintext-password comparison path of pam_userdb due to use of strncmp()/strncasecmp() without constant-time comparison."

Attack vector

A local or network-adjacent attacker who can repeatedly drive authentication through a calling service can recover the plaintext password of a target account by measuring response-timing differences [1]. The comparison uses `strncmp()` (or `strncasecmp()` when `PAM_ICASE_ARG` is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes [1]. The vulnerable path is reached when the administrator configures `pam_userdb` with `crypt=none`, with an unrecognized crypt method, or without a `crypt=` argument [1].

Affected code

The vulnerable code resides in `modules/pam_userdb/pam_userdb.c`. The plaintext-password comparison path uses `strncmp()` (or `strncasecmp()` when `PAM_ICASE_ARG` is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password. This path is reached when the administrator configures `pam_userdb` with `crypt=none`, with an unrecognized crypt method, or without a `crypt=` argument.

What the fix does

The advisory does not specify a published patch. The recommended remediation is to avoid using the plaintext comparison path in `pam_userdb` (administrators should configure a proper `crypt=` method rather than `crypt=none`) and to replace the byte-by-byte comparison with a constant-time comparison function to eliminate the timing side channel [1].
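The constant-time replacement this section recommends, as an added example that is not Linux-PAM's code: the vulnerable shape the advisory describes is reconstructed for contrast beside a branch-free comparison whose running time does not depend on which byte first differs or on whether the lengths match. Function names are assumed; the example also notes the one residual leak a defender should know about.

```c
#include <stddef.h>
#include <string.h>

/* Vulnerable shape described by the advisory (a reconstruction, not Linux-PAM's
 * code): the length check returns early and strncmp() stops at the first
 * mismatching byte, so rejection time reveals length and matching prefix. */
int compare_leaky(const char *stored, const char *candidate)
{
    size_t n = strlen(stored);
    if (strlen(candidate) != n)
        return 0;
    return strncmp(stored, candidate, n) == 0;
}

/* All-ones mask if a < b, else zero; no data-dependent branch (lengths < 2^63). */
static size_t ct_lt(size_t a, size_t b)
{
    return (size_t)0 - ((a - b) >> (sizeof(size_t) * 8 - 1));
}

/* All-ones mask if x != 0, else zero. */
static size_t ct_nonzero(size_t x)
{
    return (size_t)0 - ((x | ((size_t)0 - x)) >> (sizeof(size_t) * 8 - 1));
}

/* Constant-time replacement: the loop runs over the candidate's length (which the
 * caller already knows), never branches on the secret's bytes, and folds a length
 * mismatch into the same accumulator instead of returning early.
 * Residual caveat: strlen(stored) still scales with the secret's length; storing a
 * fixed-length hash (the crypt= route the advisory recommends) removes that as well. */
int compare_ct(const char *stored, const char *candidate)
{
    size_t slen = strlen(stored);
    size_t clen = strlen(candidate);
    size_t acc = ct_nonzero(slen ^ clen);          /* set when lengths differ */
    for (size_t i = 0; i < clen; i++) {
        size_t in = ct_lt(i, slen);                 /* is index i inside stored? */
        /* Read stored[i] only when in bounds, selected by mask rather than branch. */
        unsigned char s = (unsigned char)stored[i & in];
        unsigned char c = (unsigned char)candidate[i];
        acc |= (size_t)(s ^ c) & in;                /* ignored when out of bounds */
    }
    return acc == 0;
}
```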

Preconditions

  • config: The pam_userdb module must be configured with crypt=none, an unrecognized crypt method, or without a crypt= argument
  • network: The attacker must be able to repeatedly drive authentication attempts through a service that uses the vulnerable pam_userdb configuration
  • auth: No authentication is required; the attacker can be local or network-adjacent

Generated on Jun 14, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 3

News mentions: 0 (no linked articles in our index yet)