#1140190 pam: CVE-2026-54411

Package:
src:pam
Source:
src:pam
Submitter:
Salvatore Bonaccorso
Date:
2026-06-17 13:59:03 UTC
Severity:
normal
Tags:
#1140190#5
Date:
2026-06-17 05:45:09 UTC
Hi,

The following vulnerability was published for pam.

CVE-2026-54411[0]:
| Linux-PAM through 1.7.2 contains an observable timing discrepancy
| (CWE-208) in the pam_userdb module's plaintext-password comparison
| path in modules/pam_userdb/pam_userdb.c that allows a local or
| network-adjacent attacker able to repeatedly drive authentication
| through a calling service to recover the plaintext password of a
| target account by measuring response-timing differences. The
| comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is
| set) preceded by a length-equality check, so the time to reject a
| candidate depends on the index of the first differing byte and on
| whether the candidate's length matches the stored password, leaking
| the password length and individual prefix bytes. The vulnerable path
| is reached when the administrator configures pam_userdb with
| crypt=none, with an unrecognized crypt method, or without a crypt=
| argument, causing the module to store and compare credentials in
| plaintext.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-54411
https://www.cve.org/CVERecord?id=CVE-2026-54411
[1] https://github.com/linux-pam/linux-pam/issues/992

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
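The leak the CVE text describes, and its removal, as an added example that is not Linux-PAM code and not part of this bug report: a model of the length-check-then-strncmp() path with an examined-byte counter standing in for response time, a constant-time comparison beside it, and the byte-by-byte recovery the description implies, run against both oracles. The function names, MAX_LEN, the sample password and the step-count model are assumptions made for illustration only.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not Linux-PAM code. Upper bound on password length
 * used by the constant-time variant and by the recovery loop. */
#define MAX_LEN 64

/* Each oracle returns 1 on match, 0 otherwise, and reports in *steps how
 * many byte positions it examined before deciding. The step count stands
 * in for the response time an attacker would measure. */
typedef int (*cmp_fn)(const char *stored, const char *candidate, size_t *steps);

/* Shape of the pre-fix path the advisory describes: a length-equality check
 * followed by an early-exit byte comparison (what strncmp() does). */
static int leaky_compare(const char *stored, const char *candidate, size_t *steps)
{
    size_t n = strlen(stored);
    *steps = 0;
    if (strlen(candidate) != n)          /* wrong length: rejected before any byte is read */
        return 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (stored[i] != candidate[i])   /* early exit: position of first mismatch leaks */
            return 0;
    }
    return 1;
}

/* Hardened variant: fixed-size zero-padded buffers and a loop that always
 * runs MAX_LEN iterations, accumulating differences instead of branching on
 * them. The length mismatch is folded into the verdict, not short-circuited. */
static int ct_compare(const char *stored, const char *candidate, size_t *steps)
{
    unsigned char a[MAX_LEN] = {0}, b[MAX_LEN] = {0};
    size_t ns = strlen(stored), nc = strlen(candidate);
    *steps = 0;
    if (ns > MAX_LEN || nc > MAX_LEN)
        return 0;
    memcpy(a, stored, ns);
    memcpy(b, candidate, nc);
    unsigned char diff = (unsigned char)(ns != nc);
    for (size_t i = 0; i < MAX_LEN; i++) {
        (*steps)++;
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Attacker side: recover the stored password using only the oracle's
 * verdict and step count. Returns 1 if `out` ends up matching. */
static int recover_password(cmp_fn cmp, const char *stored, char *out, size_t out_size)
{
    char cand[MAX_LEN + 1];
    size_t steps, len = 0;

    /* Phase 1: length. The leaky path does no per-byte work unless the
     * candidate length is right, so the first length that costs work wins. */
    for (size_t l = 1; l <= MAX_LEN && l < out_size; l++) {
        memset(cand, 'a', l);
        cand[l] = '\0';
        cmp(stored, cand, &steps);
        if (steps > 0) { len = l; break; }
    }
    if (len == 0)
        return 0;

    /* Phase 2: one position at a time. The byte that makes rejection take
     * the longest (or that succeeds outright) is the stored byte. */
    memset(out, 'a', len);
    out[len] = '\0';
    for (size_t i = 0; i < len; i++) {
        size_t best_steps = 0;
        int best = out[i];
        for (int c = 0x20; c <= 0x7e; c++) {    /* printable ASCII */
            out[i] = (char)c;
            if (cmp(stored, out, &steps))
                return 1;                        /* last byte found */
            if (steps > best_steps) { best_steps = steps; best = c; }
        }
        out[i] = (char)best;
    }
    return cmp(stored, out, &steps);
}

/* Convenience wrappers for the demo: examined-byte count for one query, and
 * whether the recovery loop reproduces `secret` exactly against `cmp`. */
static size_t steps_for(cmp_fn cmp, const char *stored, const char *candidate)
{
    size_t steps;
    cmp(stored, candidate, &steps);
    return steps;
}

static int demo_recovers(cmp_fn cmp, const char *secret)
{
    char got[MAX_LEN + 1];
    return recover_password(cmp, secret, got, sizeof got) && strcmp(got, secret) == 0;
}

int main(void)
{
    const char *secret = "s3cret!";     /* constructed sample stored password */
    printf("leaky: wrong length examines %zu bytes, 3-byte prefix examines %zu\n",
           steps_for(leaky_compare, secret, "short"),
           steps_for(leaky_compare, secret, "s3cXXXX"));
    printf("constant-time: both examine %zu / %zu bytes\n",
           steps_for(ct_compare, secret, "short"),
           steps_for(ct_compare, secret, "s3cXXXX"));
    printf("recovery succeeds against leaky oracle: %d\n", demo_recovers(leaky_compare, secret));
    printf("recovery succeeds against constant-time oracle: %d\n", demo_recovers(ct_compare, secret));
    return 0;
}
```

Against the leaky oracle the recovery needs roughly 95 queries per byte plus one per candidate length, which is the cost the "repeatedly drive authentication" wording refers to; against the fixed-iteration comparison every query costs the same and the loop learns nothing. In real code the remaining length-dependent calls (strlen, memcpy) should also be reviewed, but the per-byte early exit is the channel the CVE describes.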

#1140190#10
Date:
2026-06-17 12:17:31 UTC
    Salvatore> pam_userdb module's plaintext-password comparison path
    Salvatore> in modules/pam_userdb/pam_userdb.c that allows a local or
    Salvatore> network-adjacent attacker able to repeatedly drive
    Salvatore> authentication through a calling service to recover the
    Salvatore> plaintext password of a target account by measuring
    Salvatore> response-timing differences. The comparison uses
    Salvatore> strncmp() (or strncasecmp() when PAM_ICASE_ARG is set)
    Salvatore> preceded by a length-equality check, so the time to
    Salvatore> reject a candidate depends on the index of the first
    Salvatore> differing byte and on whether the candidate's length
    Salvatore> matches the stored password, leaking the password
    Salvatore> length and individual prefix bytes. The vulnerable path
    Salvatore> is reached when the administrator configures pam_userdb
    Salvatore> with crypt=none, with an unrecognized crypt method, or
    Salvatore> without a crypt= argument, causing the module to store
    Salvatore> and compare credentials in plaintext.

I'll fix, but it's important to note that pam_userdb is not configured
by default on Debian systems, and that best practice when configuring
something like this is to configure a crypt method.

Which is to say that I agree it is a vulnerability in a particular rare configuration.
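The configuration point made above, as an added illustration that is not from this bug report or from the Linux-PAM project: the `db=` and `crypt=` options are those documented in pam_userdb(8); the database path and the service it is used for are assumed.

```text
# Weak: plaintext passwords in the database. This is the comparison path
# the CVE describes; omitting crypt= or giving it an unrecognized value
# reaches the same path.
auth required pam_userdb.so db=/etc/security/app-users crypt=none

# Corrected: store crypt(3) hashes in the database (pam_userdb(8): crypt=crypt).
# The module then hashes the supplied password and compares hashes, so the
# plaintext comparison path is never taken. The path is given without the
# .db suffix, as the manual page specifies.
auth required pam_userdb.so db=/etc/security/app-users crypt=crypt
```

Whether the entry is `auth required` or another control value depends on the service stack; the point here is only the `crypt=` argument.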

#1140190#15
Date:
2026-06-17 13:57:06 UTC
Hi Sam,

I agree with your assessment. Once the upstream fix is accepted, it is
enough to address it in unstable IMHO. For trixie it might be enough
to then make a point release update instead (i.e. not warranting a
DSA).

Regards,
Salvatore