CVE-2025-24032— PAM-PKCS#11 vulnerable to authentication bypass with default value for `cert_policy` (`none`)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-24032
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PAM-PKCS#11 vulnerable to authentication bypass with default value for `cert_policy` (`none`)
Source: NVD (National Vulnerability Database)
Vulnerability Description
PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user's public data (e.g. the user's certificate) and a PIN known to the attacker. If no signature with the private key is required, then the attacker may now login as user with that created token. The default to *not* check the private key's signature has been changed with commit commi6638576892b59a99389043c90a1e7dd4d783b921, so that all versions starting with pam_pkcs11-0.6.0 should be affected. As a workaround, in `pam_pkcs11.conf`, set at least `cert_policy = signature;`.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
PAM-PKCS#11 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PAM-PKCS#11是OpenSC开源的一个登录模块。 PAM-PKCS#11 0.6.13之前版本存在授权问题漏洞,该漏洞源于默认配置下不检查私钥签名,允许攻击者用用户的公开数据创建新令牌并登录。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| OpenSC | pam_pkcs11 | < 0.6.13 | - |
II. Public POCs for CVE-2025-24032
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-24032
请登录查看更多情报信息。
- Release Release 0.6.13 · OpenSC/pam_pkcs11 · GitHubx_refsource_MISC
- Updated ChangeLog and NEWS · OpenSC/pam_pkcs11@4702632 · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2025-24032
IV. Related Vulnerabilities
Same vendor: OpenSC
- CVE-2025-13763
Libopensc: opensc: multiple uses of uninitialized variable - CVE-2025-66215
OpenSC: Stack-buffer-overflow WRITE in card-oberthur - CVE-2025-66038
OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds po - CVE-2025-66037
OpenSC: Out of Bounds vulnerability - CVE-2025-49010
OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Same weakness: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. Comments for CVE-2025-24032
No comments yet