Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-54411

CVE-2026-54411: Linux-PAM Timing Attack Vulnerability

CVE-2026-54411 is a timing attack flaw in Linux-PAM's pam_userdb module that allows attackers to recover plaintext passwords through timing analysis. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2026-54411 Overview

CVE-2026-54411 is an observable timing discrepancy [CWE-208] in Linux-PAM through version 1.7.2. The flaw resides in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c. An attacker who can repeatedly invoke authentication through a calling service can measure response-timing differences to recover the plaintext password of a target account. The vulnerable code path is reached when administrators configure pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument. Under these settings, credentials are stored and compared in plaintext, exposing both password length and prefix bytes to a side-channel attacker.

Critical Impact

A local or network-adjacent attacker can incrementally recover a target account's plaintext password by timing repeated authentication attempts against services that rely on pam_userdb in plaintext mode.

Affected Products

  • Linux-PAM through 1.7.2
  • Services using the pam_userdb module configured with crypt=none, an unrecognized crypt method, or no crypt= argument
  • Linux distributions bundling vulnerable Linux-PAM releases

Discovery Timeline

  • 2026-06-14 - CVE-2026-54411 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2026-54411

Vulnerability Analysis

The vulnerability is a classic timing side channel against a non-constant-time string comparison. In the plaintext path of pam_userdb.c, the module first performs a length-equality check against the stored password. If lengths match, the code calls strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) to compare the candidate against the stored value.

Both checks complete early. The length test returns immediately on a mismatch, leaking the stored password length. The byte comparison returns at the first differing byte, leaking the index of the first incorrect character. An attacker who can issue many authentication attempts and measure latency can iterate one byte at a time to reconstruct the password.

The attack does not require code execution or memory corruption. It requires only the ability to drive authentication through a service that calls into the vulnerable pam_userdb configuration and to observe response timing with sufficient resolution.

Root Cause

The root cause is the use of non-constant-time comparison primitives (strncmp, strncasecmp) on secret material, combined with an explicit length check that short-circuits before byte comparison. Constant-time comparison helpers such as those in pam_inline.h are not used on this path.

Attack Vector

Exploitation requires a calling service that invokes PAM authentication backed by pam_userdb in plaintext mode. The attacker submits candidate passwords iteratively, first to determine the correct length, then byte-by-byte by selecting candidates whose timing difference indicates a matched prefix. Network jitter raises the difficulty, which is reflected in the attack complexity assessment, but repeated sampling can overcome modest noise.

No verified public exploit code is available for CVE-2026-54411. See the Linux-PAM source for pam_userdb.c and the MITRE CWE-208 definition for technical background.

Detection Methods for CVE-2026-54411

Indicators of Compromise

  • High volumes of failed authentication attempts against a single account on services backed by pam_userdb
  • Repeated short-interval authentication probes from the same source, often with incrementing candidate lengths
  • Authentication logs showing systematic, near-uniform candidate patterns rather than typical user typos

Detection Strategies

  • Audit PAM configuration files in /etc/pam.d/ for pam_userdb.so invocations and inspect for crypt=none, missing crypt=, or unknown crypt arguments
  • Monitor authentication failure rates per account and per source IP, alerting on sustained brute-force-like patterns
  • Correlate timing-sensitive endpoints (web logins, custom services using pam_userdb) with anomalous request frequency from a single principal

Monitoring Recommendations

  • Forward PAM authentication logs (/var/log/auth.log, /var/log/secure) to a centralized log platform for retention and correlation
  • Set rate-limit thresholds for authentication attempts against services using pam_userdb and alert on breaches
  • Track changes to PAM stack configuration files using file integrity monitoring

How to Mitigate CVE-2026-54411

Immediate Actions Required

  • Inventory all services that load pam_userdb.so and identify any configuration using crypt=none, unrecognized crypt methods, or no crypt= argument
  • Reconfigure pam_userdb to use a supported password hashing method such as crypt=crypt so comparisons run against hashed values rather than plaintext
  • Rotate any passwords that were stored or compared in plaintext on affected systems, since prior exposure cannot be ruled out
  • Apply vendor updates to Linux-PAM once a fixed release is published downstream

Patch Information

No fixed Linux-PAM release version has been recorded in the NVD entry at publication time. Track upstream commits in the Linux-PAM repository and distribution security advisories for patched packages. Fixes are expected to replace the plaintext comparison with a constant-time routine drawn from pam_inline.h.

Workarounds

  • Avoid pam_userdb for authentication where possible; prefer system authentication backends that store hashed credentials
  • If pam_userdb is required, always specify an explicit, supported crypt= argument and never store plaintext passwords in the Berkeley DB file
  • Enforce per-account authentication rate limiting through pam_faillock or equivalent to slow timing-based probing
  • Restrict network access to services that authenticate via pam_userdb to trusted networks only
bash
# Example: replace plaintext pam_userdb usage with a hashed configuration
# /etc/pam.d/<service>
auth required pam_userdb.so db=/etc/myapp/userdb crypt=crypt

# Add rate limiting to slow timing probes
auth required pam_faillock.so preauth silent deny=5 unlock_time=900
auth required pam_userdb.so db=/etc/myapp/userdb crypt=crypt
auth [default=die] pam_faillock.so authfail deny=5 unlock_time=900

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.