Security Advisory YSA-2025-01 – Partial Authentication Bypass in pam-u2f Software Package. Published Date: 2025-01-14. Tracking IDs: YSA-2025-01. CVE: CVE-2025-23013. CVSS Severity: 7.3. Summary: Yubico’s open source pam-u2f software package implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO-compliant authenticators on macOS or Linux. This software package has […] | Yubico
pam-u2f allows the use of U2F (Universal 2nd Factor) devices like YubiKeys in the PAM authentication stack. Improper use of PAM_IGNORE return values in the module implementation could allow bypass of the second factor or password-less login without inserting the proper device. | SUSE Security Team Blog