Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive ...
CVE-2026-54411 is a vulnerability in Linux-PAM through version 1.7.2 affecting the pam_userdb module. It involves an observable timing discrepancy in the plaintext-password comparison path, which could be exploited by a local or network-adjacent attacker able to repeatedly interact with the system. The vulnerability is identified as CWE-208 (Observable Timing Discrepancy). The affected version explicitly stated is version 3.0. No CVSS score is provided for this vulnerability.
AI Analysis
Technical Summary
This vulnerability in Linux-PAM's pam_userdb module allows an attacker with local or network-adjacent access to exploit a timing discrepancy during plaintext-password comparison. This side-channel weakness could potentially reveal information about password validity through timing analysis. The issue is tracked as CWE-208 and affects version 3.0 of the software. There is no indication of known exploits in the wild or a published patch at this time.
Potential Impact
The vulnerability could allow an attacker to gain information about password correctness by measuring timing differences during authentication attempts. This may facilitate further attacks such as password guessing or credential compromise. However, the exploit requires repeated interaction and local or network-adjacent access. No known exploits have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch links are provided at this time. Until a patch is available, limit local and network-adjacent access to trusted users and monitor for unusual authentication attempts related to pam_userdb.
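As an added illustration (not Linux-PAM's code; the page does not show the pam_userdb source), the two comparison shapes the advisory contrasts: an early-exit plaintext compare whose work depends on how many leading bytes of the candidate match, and a constant-time form whose work depends only on the stored value's length. The function names, the `bytes_inspected` counter and the sample passwords are this example's own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Early-exit shape (illustration, not pam_userdb's code): returns at the first
 * mismatching byte, so the bytes inspected, and the time taken, grow with the
 * length of the matching prefix. That data-dependent timing is CWE-208. */
static int early_exit_compare(const char *stored, const char *candidate,
                              size_t *bytes_inspected)
{
    for (size_t i = 0;; i++) {
        (*bytes_inspected)++;
        if (stored[i] != candidate[i])
            return 0;                  /* early return: leaks prefix length */
        if (stored[i] == '\0')
            return 1;
    }
}

/* Constant-time shape: every byte of the stored value is visited and mismatch
 * is accumulated with XOR/OR, so the work depends only on the stored length,
 * not on where (or whether) the candidate diverges. A length difference is
 * folded into the same flag rather than causing an early return. C compilers
 * guarantee nothing here; production code should use a dedicated primitive. */
static int constant_time_compare(const char *stored, const char *candidate,
                                 size_t *bytes_inspected)
{
    size_t slen = strlen(stored), clen = strlen(candidate);
    unsigned char diff = (unsigned char)(slen != clen);
    for (size_t i = 0; i < slen; i++) {
        /* in-bounds index; the candidate's length is attacker-supplied, not secret */
        unsigned char c = (unsigned char)candidate[i < clen ? i : 0];
        diff |= (unsigned char)stored[i] ^ c;
        (*bytes_inspected)++;
    }
    return diff == 0;
}

int main(void)
{
    const char *stored = "secret";                          /* constructed */
    const char *cands[] = { "xecret", "secrex", "secret" }; /* constructed */
    for (size_t k = 0; k < 3; k++) {
        size_t ne = 0, nc = 0;
        int re = early_exit_compare(stored, cands[k], &ne);
        int rc = constant_time_compare(stored, cands[k], &nc);
        printf("%s: early-exit %d/%zu bytes, constant-time %d/%zu bytes\n",
               cands[k], re, ne, rc, nc);
    }
    return 0;
}
```

Run stand-alone, the early-exit column shows the inspected-byte count tracking the matching prefix while the constant-time column stays at the stored length for every candidate.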
Technical Details
- Gcve Source: db.gcve.eu
- Csaf Category: csaf_vex
- Csaf Version: 2.0
- Publisher: Microsoft Security Response Center
- Advisory Id: msrc_CVE-2026-54411
- Cve Count: 1
- Additional Cves: []
- Cvss Version: null
Threat ID: 6a3270780b89be68881d7a14
Added to database: 6/17/2026, 10:01:28 AM
Last enriched: 6/17/2026, 10:08:15 AM
Last updated: 6/17/2026, 1:05:29 PM