Vulnerabilities > Yubico > PAM U2F > 1.0.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-26 | CVE-2021-31924 | Improper Authentication vulnerability in multiple products Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. | 6.8 |
| 2019-06-04 | CVE-2019-12210 | Unspecified vulnerability in Yubico Pam-U2F 1.0.7 In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. | 5.5 |
| 2019-06-04 | CVE-2019-12209 | Link Following vulnerability in Yubico Pam-U2F 1.0.7 Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. | 7.5 |