Hi Sam,

On Wed, Jun 17, 2026 at 06:17:31AM -0600, Sam Hartman wrote:
>
> >>>>> "Salvatore" == Salvatore Bonaccorso <[email protected]> writes:
>
>     Salvatore> pam_userdb module's plaintext-password comparison path
>     Salvatore> in modules/pam_userdb/pam_userdb.c that allows a local or
>     Salvatore> network-adjacent attacker able to repeatedly drive
>     Salvatore> authentication through a calling service to recover the
>     Salvatore> plaintext password of a target account by measuring
>     Salvatore> response-timing differences. The comparison uses
>     Salvatore> strncmp() (or strncasecmp() when PAM_ICASE_ARG is set)
>     Salvatore> preceded by a length-equality check, so the time to
>     Salvatore> reject a candidate depends on the index of the first
>     Salvatore> differing byte and on whether the candidate's length
>     Salvatore> matches the stored password, leaking the password
>     Salvatore> length and individual prefix bytes. The vulnerable path
>     Salvatore> is reached when the administrator configures pam_userdb
>     Salvatore> with crypt=none, with an unrecognized crypt method, or
>     Salvatore> without a crypt= argument, causing the module to store
>     Salvatore> and compare credentials in plaintext.
>
> I'll fix, but it's important to note that pam_userdb is not configured
> by default on Debian systems, and that best practice when configuring
> something like this is to configure a crypt method.
>
> Which is to say that I agree it is a vulnerability in a particular rare
> configuration.
I agree with your assessment. Once the upstream fix is accepted, it is enough to address it in unstable IMHO. For trixie it might be enough to then make a point release update instead (i.e. not warranting a DSA).

Regards,
Salvatore
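As an added illustration of the comparison described in the quoted report (example code written for this page; it is not pam_userdb's code and not part of either message), the C below models the leaky path, a length-equality check followed by an early-exit byte compare as strncmp() does, next to a fixed-work comparison. Instead of measuring wall-clock time, which is noisy, each function reports how many comparisons it made before deciding, which is the quantity response timing exposes. The names leaky_compare, fixed_work_compare, leaky_cost, fixed_cost and EXAMPLE_MAX_PW are chosen for the example, and the stored password "hunter2" and the candidate list are constructed sample input.

```c
/* Added example (not pam_userdb's code): a model of the plaintext
 * compare timing leak next to a fixed-work comparison. "Work" is the
 * number of comparisons performed, a deterministic stand-in for the
 * response time an attacker would measure. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical upper bound on password length for the fixed-work
 * comparison; chosen for the example, not taken from PAM. */
#define EXAMPLE_MAX_PW 256

/* Models the vulnerable path: reject fast on a length mismatch, then
 * compare byte by byte and stop at the first difference, as strncmp()
 * does. If 'work' is non-NULL it receives the comparison count. */
int leaky_compare(const char *stored, const char *candidate, size_t *work)
{
    size_t n = strlen(stored);
    size_t w = 1;                          /* the length-equality check */
    int result = 0;

    if (strlen(candidate) == n) {
        result = 1;
        for (size_t i = 0; i < n; i++) {
            w++;
            if (stored[i] != candidate[i]) { /* early exit leaks the prefix */
                result = 0;
                break;
            }
        }
    }
    if (work)
        *work = w;
    return result;
}

/* Fixed-work alternative: both inputs go into zero-padded fixed-size
 * buffers and every byte is XORed into an accumulator, so the number of
 * operations does not depend on where or whether they differ. The
 * length mismatch is folded into the accumulator rather than branched
 * on. Oversized input is rejected up front; that is the only
 * data-dependent branch and it only reveals "too long". */
int fixed_work_compare(const char *stored, const char *candidate, size_t *work)
{
    unsigned char a[EXAMPLE_MAX_PW] = {0};
    unsigned char b[EXAMPLE_MAX_PW] = {0};
    size_t la = strlen(stored), lb = strlen(candidate);
    volatile unsigned int diff;
    size_t w = 1;

    if (la > EXAMPLE_MAX_PW || lb > EXAMPLE_MAX_PW) {
        if (work)
            *work = w;
        return 0;
    }
    memcpy(a, stored, la);
    memcpy(b, candidate, lb);

    diff = (unsigned int)(la != lb);
    for (size_t i = 0; i < EXAMPLE_MAX_PW; i++) {
        diff |= (unsigned int)(a[i] ^ b[i]);
        w++;
    }
    if (work)
        *work = w;                         /* always EXAMPLE_MAX_PW + 1 */
    return diff == 0;
}

/* Wrappers that return only the work count, for measurement. */
size_t leaky_cost(const char *s, const char *c)
{
    size_t w;
    leaky_compare(s, c, &w);
    return w;
}

size_t fixed_cost(const char *s, const char *c)
{
    size_t w;
    fixed_work_compare(s, c, &w);
    return w;
}

int main(void)
{
    /* Constructed sample: candidates an attacker might submit while
     * first learning the length, then walking the prefix byte by byte. */
    const char *stored = "hunter2";
    const char *candidates[] = { "abc", "xunter2", "hunter3", "hunter2" };

    for (size_t i = 0; i < sizeof candidates / sizeof candidates[0]; i++) {
        printf("%-8s leaky: %s after %zu comparisons; fixed-work: %s after %zu\n",
               candidates[i],
               leaky_compare(stored, candidates[i], NULL) ? "accept" : "reject",
               leaky_cost(stored, candidates[i]),
               fixed_work_compare(stored, candidates[i], NULL) ? "accept" : "reject",
               fixed_cost(stored, candidates[i]));
    }
    return 0;
}
```

With the leaky model, a wrong-length candidate costs one comparison, a candidate differing at the first byte costs two, and one differing only at the last byte costs as many as the correct password, which is exactly the length-then-prefix oracle the report describes. The fixed-work variant costs the same for every candidate. It only addresses the plaintext path, though; the best practice Sam points to, configuring a crypt method so the module never stores or compares plaintext, removes that path altogether.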

