Impact
The vulnerability stems from the xfree() helper in pam_usb, which frees heap memory without zeroing the contents. This oversight allows sensitive cryptographic data – such as one‑time pad bytes read from removable media – to remain in freed heap memory until overwritten. An attacker who can trigger a use‑after‑free condition or otherwise inspect heap contents can recover these values, potentially compromising authentication schemes that depend on the confidentiality of this data.
Affected Systems
The affected product is pam_usb from mcdope, specifically all releases 0.9.1 and below. Any system running those versions and using the USB‑based authentication mechanism is susceptible.
Risk and Exploitability
The CVSS score of 4.7 indicates moderate severity. Because exploiting the flaw requires either a use‑after‑free scenario or access to heap inspection tools, the practical attack surface is limited to local or privileged users; the EPSS score is not reported and the vulnerability is not listed in the CISA KEV catalog. Nevertheless, the potential for sensitive data exposure warrants prompt mitigation.
OpenCVE Enrichment