Description
Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.
Published: 2026-06-14
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Linux‑PAM versions up to 1.7.2 contain an observable timing discrepancy (CWE‑208) in the pam_userdb module’s plaintext‑password comparison routine, which allows a local or network‑adjacent attacker to recover a target account’s plaintext password by measuring response‑timing differences. The comparison uses a length equality check followed by a byte‑by‑byte comparison with strncmp() (or strncasecmp() when case‑insensitive mode is enabled); the time to reject a candidate depends on the index of the first differing byte and on whether the candidate’s length matches the stored password, thereby leaking the password length and successive prefix bytes.
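The mechanism in the description and in the Impact paragraph above (a length check followed by a scan that stops at the first differing byte, so timing encodes the password length and each prefix byte) is easiest to see with the leak modelled deterministically. The following is an added example, not code from the OpenCVE page or from the Linux-PAM sources: leaky_match() reproduces the comparison pattern the advisory describes with a step counter standing in for elapsed time, ct_match() is a branch-free replacement whose work depends only on the candidate, and recover() rebuilds a constructed sample password from nothing but the (accepted, steps) pair the oracle returns. The secret value, MAXLEN, and the printable-ASCII alphabet are assumptions of the demo.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define MAXLEN 64

/* Model of the pattern the advisory describes: a length-equality check, then a
 * strncmp-style left-to-right scan that stops at the first mismatch. 'steps'
 * counts bytes examined and stands in for elapsed time. Illustrative model,
 * not the pam_userdb.c source. */
int leaky_match(const char *stored, const char *candidate, size_t *steps)
{
    size_t slen = strlen(stored), clen = strlen(candidate);
    *steps = 0;
    if (slen != clen)                    /* rejected before any byte is read */
        return 0;
    for (size_t i = 0; i < slen; i++) {
        (*steps)++;
        if (stored[i] != candidate[i])
            return 0;                    /* early exit: time encodes the index */
    }
    return 1;
}

/* Hardened comparison: always scans the whole candidate, reads the stored value
 * through a branch-free index and folds a length mismatch into 'diff', so the
 * work depends only on the attacker's own input. Production code should use a
 * vetted constant-time primitive or compare fixed-size digests of both sides. */
int ct_match(const char *stored, const char *candidate, size_t *steps)
{
    size_t slen = strlen(stored), clen = strlen(candidate);
    unsigned char diff = (unsigned char)(slen != clen);
    *steps = 0;
    for (size_t i = 0; i < clen; i++) {
        (*steps)++;
        size_t lt = (i - slen) >> (sizeof(size_t) * CHAR_BIT - 1); /* 1 iff i < slen */
        size_t idx = i & (0 - lt);                                  /* i, or 0 past the end */
        unsigned char mask = (unsigned char)(0 - lt);
        unsigned char s = (unsigned char)(stored[idx] & mask);
        diff |= (unsigned char)(s ^ (unsigned char)candidate[i]);
    }
    return diff == 0;
}

/* Constructed sample database entry; the attacker code reads it only through
 * oracle(), which returns what a remote caller sees: accepted or not, plus time. */
static char secret_db[MAXLEN + 1] = "hunter2";
void set_secret(const char *s) { snprintf(secret_db, sizeof secret_db, "%s", s); }
static int oracle(const char *guess, size_t *steps) { return leaky_match(secret_db, guess, steps); }

/* Rebuilds the secret from the oracle alone: first the length (only a
 * same-length guess gets past the length check), then one byte per position
 * (a correct byte makes the scan run at least one step further). The last byte
 * gives no timing signal of its own and is confirmed by acceptance instead.
 * Assumes printable ASCII of at most MAXLEN bytes. */
size_t recover(char *out, size_t outsz, size_t *attempts)
{
    char guess[MAXLEN + 1];
    size_t len = 0, st;
    *attempts = 0;
    for (size_t L = 1; L <= MAXLEN; L++) {
        memset(guess, 'a', L);
        guess[L] = '\0';
        (*attempts)++;
        if (oracle(guess, &st) || st > 0) { len = L; break; }
    }
    if (len == 0 || len >= outsz)
        return 0;
    for (size_t i = 0; i < len; i++) {
        for (int c = 0x20; c < 0x7f; c++) {
            guess[i] = (char)c;
            (*attempts)++;
            if (oracle(guess, &st) || st > i + 1)
                break;                   /* prefix extended by one byte */
        }
    }
    memcpy(out, guess, len + 1);
    return len;
}

int main(void)
{
    const char *g[] = { "hunter2", "hxnter2", "huntxr2", "hunter", "hunter22" };
    char out[MAXLEN + 1];
    size_t ls, cs, n, attempts;
    for (size_t i = 0; i < sizeof g / sizeof *g; i++) {
        int lm = leaky_match(secret_db, g[i], &ls), cm = ct_match(secret_db, g[i], &cs);
        printf("%-9s leaky: match=%d steps=%zu   ct: match=%d steps=%zu\n",
               g[i], lm, ls, cm, cs);
    }
    set_secret("c0rrect h0rse!");
    n = recover(out, sizeof out, &attempts);
    printf("recovered %zu bytes: \"%s\" in %zu attempts\n", n, out, attempts);
    return 0;
}
```

The step counts show the two leaks directly: a wrong-length guess costs the leaky path zero steps, and a same-length guess costs exactly one more step than the length of its correct prefix, while ct_match() always costs the candidate's length. recover() needs on the order of 95 attempts per byte against this noise-free oracle; against a real service the attacker has to replace each single call by many timed attempts and a statistical comparison, which is why the CVSS vectors rate the attack complexity as high.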

Affected Systems

The flaw is present in Linux-PAM versions through 1.7.2 whenever pam_userdb is configured with crypt=none, with an unrecognized crypt= value, or with no crypt= argument at all; in each of these cases the module stores and compares passwords in plaintext. pam_userdb is not part of the default PAM stacks of services such as sshd or sudo; an administrator adds it to authenticate against a db= database file, for example for virtual FTP users. Any PAM-enabled service whose stack includes such a pam_userdb line exposes the passwords in that database to an attacker who can repeatedly trigger authentication through it.

Risk and Exploitability

The CVSS v4.0 score of 6.9 (v3.1: 5.9) indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Both vectors rate the attack as network-reachable (AV:N) but hard to carry out (AC:H, plus AT:P in v4.0): the per-byte difference of an early-exiting strncmp() is small compared with network jitter and the rest of the PAM stack, so an attacker needs many timed attempts per candidate byte and a statistical comparison of the distributions, and the last byte gives no timing signal of its own and has to be confirmed by a successful login. The attack requires only that a service using a plaintext-configured pam_userdb be reachable and accept repeated attempts, so rate limiting or lockout (for example pam_faillock) and restricting network exposure raise the cost considerably without removing the flaw.

Generated by OpenCVE AI on June 14, 2026 at 18:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Reconfigure pam_userdb with crypt=crypt, the only hashed mode the module supports, and rebuild the db= database so that every stored value is a crypt(3) hash rather than a plaintext password. Merely removing crypt=none is not sufficient: omitting the argument also selects the plaintext comparison path.
  • If hashed storage is not possible for a service, remove pam_userdb from that service's PAM stack (or replace it with another authentication module) rather than leaving a plaintext-configured instance in place.
  • Limit the network exposure of services that rely on pam_userdb by applying firewall rules or placing them behind a trusted subnet to make it difficult for an attacker to trigger authentication attempts.
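The weak and corrected forms of the stanza these actions refer to are, respectively, "auth required pam_userdb.so db=/etc/example/users crypt=none" (or the same line with no crypt= argument) and "auth required pam_userdb.so db=/etc/example/users crypt=crypt" with the database rebuilt to hold crypt(3) hashes. The checker below is an added example, not code from the OpenCVE page or from the Linux-PAM project: it classifies /etc/pam.d lines according to the three plaintext cases the advisory lists so that an administrator can find every affected stanza. The database path is a placeholder, the userdb_audit binary name is hypothetical, and the case-sensitive matching of crypt= is this checker's own assumption, not a statement about the module's parser.

```c
#include <stdio.h>
#include <string.h>

/* Which comparison path a pam_userdb stanza selects. Only crypt=crypt keeps
 * hashed passwords; per the advisory, every other case compares plaintext. */
enum userdb_mode {
    USERDB_NOT_USERDB = -1,   /* line does not load pam_userdb (or is a comment) */
    USERDB_CRYPT = 0,         /* crypt=crypt: database holds crypt(3) hashes */
    USERDB_PLAIN_NONE,        /* crypt=none: explicit plaintext */
    USERDB_PLAIN_UNKNOWN,     /* crypt=<unrecognized>: falls back to plaintext */
    USERDB_PLAIN_DEFAULT      /* no crypt= argument at all: plaintext */
};

/* argv holds the module arguments as PAM would pass them to pam_userdb.
 * Matching is case-sensitive here (an assumption of this checker). */
enum userdb_mode userdb_mode_from_args(int argc, const char *const *argv)
{
    const char *val = NULL;
    for (int i = 0; i < argc; i++)
        if (strncmp(argv[i], "crypt=", 6) == 0)
            val = argv[i] + 6;
    if (val == NULL)
        return USERDB_PLAIN_DEFAULT;
    if (strcmp(val, "crypt") == 0)
        return USERDB_CRYPT;
    if (strcmp(val, "none") == 0)
        return USERDB_PLAIN_NONE;
    return USERDB_PLAIN_UNKNOWN;
}

/* Classify one line of a /etc/pam.d file: "type control module args...".
 * The module token may be a bare name or a full path ending in pam_userdb.so. */
enum userdb_mode classify_pam_line(const char *line)
{
    char buf[1024];
    const char *argv[64];
    int argc = 0, seen_module = 0;
    snprintf(buf, sizeof buf, "%s", line);
    for (char *tok = strtok(buf, " \t\r\n"); tok; tok = strtok(NULL, " \t\r\n")) {
        if (seen_module) {
            if (argc < 64)
                argv[argc++] = tok;
        } else {
            size_t n = strlen(tok);
            if (tok[0] == '#')
                return USERDB_NOT_USERDB;
            if (n >= 13 && strcmp(tok + n - 13, "pam_userdb.so") == 0)
                seen_module = 1;
        }
    }
    return seen_module ? userdb_mode_from_args(argc, argv) : USERDB_NOT_USERDB;
}

/* 1 if the line puts pam_userdb on the plaintext comparison path. */
int userdb_line_is_plaintext(const char *line)
{
    enum userdb_mode m = classify_pam_line(line);
    return m != USERDB_NOT_USERDB && m != USERDB_CRYPT;
}

/* Usage: cat /etc/pam.d/* | ./userdb_audit   (exit status 1 if anything is plaintext) */
int main(void)
{
    static const char *label[] = { "crypt=crypt (hashed)", "crypt=none (plaintext)",
                                   "crypt=<unknown> (plaintext)", "no crypt= (plaintext)" };
    char line[1024];
    int findings = 0;
    while (fgets(line, sizeof line, stdin)) {
        enum userdb_mode m = classify_pam_line(line);
        if (m == USERDB_NOT_USERDB)
            continue;
        printf("%-28s %s", label[m], line);
        findings += (m != USERDB_CRYPT);
    }
    return findings ? 1 : 0;
}
```

A line reported as anything other than crypt=crypt (hashed) is on the vulnerable path until the stanza is changed and the database regenerated with hashed values; simply editing the argument while the database still contains plaintext passwords will make every login fail rather than fix the leak.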

Advisories

No advisories yet.

History

Sun, 14 Jun 2026 19:15:00 +0000

Type     Values Removed   Values Added
Title                     Timing Attack Enables Password Reconstruction in Linux-PAM pam_userdb

Sun, 14 Jun 2026 18:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Linux-pam; Linux-pam linux-pam
Vendors & Products                     Linux-pam; Linux-pam linux-pam

Sun, 14 Jun 2026 17:30:00 +0000

Type          Values Removed   Values Added
Description                    Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.
Weaknesses                     CWE-208
References
Metrics                        cvssV3_1: {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}
                               cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:N/V:D'}


MITRE

Status: PUBLISHED

Assigner: TuranSec

Published:

Updated: 2026-06-14T17:21:43.853Z

Reserved: 2026-06-13T16:39:46.122Z

Link: CVE-2026-54411

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-14T18:17:20.587

Modified: 2026-06-14T18:17:20.587

Link: CVE-2026-54411

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-14T19:00:08Z

Weaknesses
  • CWE-208: Observable Timing Discrepancy