{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-54411", "assignerOrgId": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "state": "PUBLISHED", "assignerShortName": "TuranSec", "dateReserved": "2026-06-13T16:39:46.122Z", "datePublished": "2026-06-14T17:21:43.853Z", "dateUpdated": "2026-06-14T17:21:43.853Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "shortName": "TuranSec", "dateUpdated": "2026-06-14T17:21:43.853Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-208", "description": "CWE-208 Observable Timing Discrepancy", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "An attacker who can repeatedly drive authentication through a service that invokes pam_userdb with plaintext-password configuration and without an artificial failure delay can measure response-timing differences to learn the correct password length and recover the plaintext password byte by byte. Recovery requires many measurements per character and is sensitive to scheduling and network jitter; recovery of one user's secret does not by itself yield access to other accounts. Practical exploitation is gated by an administrative misconfiguration (pam_userdb storing passwords in plaintext, reached when the module is configured with crypt=none, with an unknown crypt method, or with no crypt= option) and by the absence of failure-delay or rate-limiting in the calling service."}]}], "affected": [{"vendor": "Linux-PAM", "product": "Linux-PAM", "collectionURL": "https://github.com/linux-pam/linux-pam", "repo": "https://github.com/linux-pam/linux-pam", "modules": ["pam_userdb"], "programFiles": ["modules/pam_userdb/pam_userdb.c"], "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "1.7.2", "versionType": "semver"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in <code>modules/pam_userdb/pam_userdb.c</code> that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses <code>strncmp()</code> (or <code>strncasecmp()</code> when <code>PAM_ICASE_ARG</code> is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with <code>crypt=none</code>, with an unrecognized crypt method, or without a <code>crypt=</code> argument, causing the module to store and compare credentials in plaintext.</p>"}]}], "references": [{"url": "https://github.com/linux-pam/linux-pam", "name": "Linux-PAM - upstream repository", "tags": ["product"]}, {"url": "https://github.com/linux-pam/linux-pam/blob/master/modules/pam_userdb/pam_userdb.c#L327", "name": "Vulnerable plaintext-password comparison in pam_userdb.c (master)", "tags": ["product"]}, {"url": "https://github.com/linux-pam/linux-pam/blob/master/libpam/include/pam_inline.h", "name": "pam_consttime_streq helper available for the remediation", "tags": ["product"]}, {"url": "https://cwe.mitre.org/data/definitions/208.html", "name": "CWE-208: Observable Timing Discrepancy", "tags": ["technical-description"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "An attacker repeatedly authenticates through a service that calls pam_userdb (plaintext mode) and measures the time the service takes to reject each candidate password to learn the password length and recover the password one byte at a time."}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "Safety": "NOT_DEFINED", "Automatable": "NO", "Recovery": "NOT_DEFINED", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:N/V:D"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "credits": [{"lang": "en", "value": "Xurshidbek Sobirjonov", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}, "x_author": "Xurshidbek Sobirjonov", "x_assigner_notes": "The vulnerable comparison was verified by direct source inspection of modules/pam_userdb/pam_userdb.c at tag v1.7.2 and at master HEAD as of disclosure: lines 327-332 perform a length-equality early exit followed by strncmp() / strncasecmp(). Linux-PAM has previously addressed the same weakness class in a sibling module: NEWS for Release 1.7.0 records \"pam_unix: compare password hashes in constant time\", and Release 1.6.0 hardened pam_mkhomedir \"against timing attacks\". The pam_consttime_streq() helper used by those fixes lives in libpam/include/pam_inline.h, which pam_userdb.c already includes, so the remediation in pam_userdb is a drop-in replacement of the strncmp call. The v1.7.2 release notes do not list a pam_userdb hardening change. Exploitation is gated by (a) the administrator having configured pam_userdb with plaintext password storage (crypt=none, unknown crypt method, or no crypt= option), a discouraged but documented configuration; and (b) the calling service not applying an authentication-failure delay - both gates raise attack complexity and bound real-world impact, so CVSS is scored MEDIUM rather than HIGH consistent with prior CWE-208 timing-leak CVE scoring."}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext."}], "id": "CVE-2026-54411", "lastModified": "2026-06-14T18:17:20.587", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:D/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "type": "Secondary"}]}, "published": "2026-06-14T18:17:20.587", "references": [{"source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "url": "https://cwe.mitre.org/data/definitions/208.html"}, {"source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "url": "https://github.com/linux-pam/linux-pam"}, {"source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "url": "https://github.com/linux-pam/linux-pam/blob/master/libpam/include/pam_inline.h"}, {"source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "url": "https://github.com/linux-pam/linux-pam/blob/master/modules/pam_userdb/pam_userdb.c#L327"}], "sourceIdentifier": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-208"}], "source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.7.2]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux-PAM", "source": "cna", "vendor": "Linux-PAM"}, "product": "linux-pam", "vendor": "linux-pam"}], "created": "2026-06-14T18:30:12.975671+00:00", "title": "Timing Attack Enables Password Reconstruction in Linux-PAM pam_userdb", "updated": "2026-06-14T19:00:08.850881+00:00", "vendors": ["linux-pam", "linux-pam$PRODUCT$linux-pam"]}