Klas Lindfors

2 exploits Active since Apr 2018

CVE-2018-9275 WRITEUP HIGH WRITEUP

Yubico Pam < 2.25 - Information Disclosure

In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors).

CVSS 8.2

View Code

CVE-2019-9578 WRITEUP HIGH WRITEUP

Yubico libu2f-host <1.1.8 - Memory Corruption

In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.

CVSS 7.5

View Code