Package: libpam-u2f Version: 1.1.0-1.1+b1 Followup-For: Bug #1022073 X-Debbugs-Cc: cqu...@arcor.de
The following blog from yubico, who are the developers of libpam-u2f recommends using at least version 1.1.1 since there is a risk of local PIN bypass: https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login- Guide-U2F The issue is in libpam-u2f 1.1.0, which is exactly the version shipped right now with Debian (bullseye, bookworm, sid) -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-3-amd64 (SMP w/2 CPU threads; PREEMPT) Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE=es_ES:es Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libpam-u2f depends on: ii libc6 2.36-8 ii libfido2-1 1.12.0-2 ii libpam0g 1.5.2-6 ii libssl3 3.0.8-1 Versions of packages libpam-u2f recommends: ii pamu2fcfg 1.1.0-1.1+b1 libpam-u2f suggests no packages. -- no debconf information