PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54411 Linux-PAM CVE debrief

CVE-2026-54411 is a MEDIUM severity vulnerability in Linux-PAM, allowing a local or network-adjacent attacker to recover plaintext passwords by measuring timing differences in the pam_userdb module. The vulnerability is caused by an observable timing discrepancy in the plaintext-password comparison path.

Vendor: Linux-PAM
Product: Unknown
CVSS: MEDIUM 6.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-14
Original CVE updated: 2026-06-14
Advisory published: 2026-06-14
Advisory updated: 2026-06-14

Who should care

Administrators and users of Linux-PAM, particularly those who configure pam_userdb with crypt=none, with an unrecognized crypt= method, or with no crypt= argument at all.

Technical summary

The pam_userdb module in Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in its plaintext-password comparison path. This allows an attacker to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set), preceded by a length-equality check; together these leak the password length and then individual prefix bytes.
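To make the two comparison paths concrete, the following added example (not Linux-PAM's code) contrasts the early-exit shape the advisory describes with a constant-time equivalent; the struct, function names and the sample secret "hunter2" are constructed for illustration, and the byte-count stands in for the response time that would otherwise be measured.

```c
#include <stdio.h>
#include <string.h>

/* Whether the compare matched and how much work it did (the work count models timing). */
struct cmp_result { int match; size_t bytes_examined; };

/* Vulnerable shape described in the advisory: length-equality check, then a
 * byte-wise compare that stops at the first mismatch, as strncmp() does. */
struct cmp_result compare_early_exit(const char *stored, const char *supplied)
{
    struct cmp_result r = { 0, 0 };
    size_t n = strlen(stored);
    if (n != strlen(supplied))        /* rejects before touching a byte: leaks length */
        return r;
    for (size_t i = 0; i < n; i++) {  /* same early exit as strncmp(stored, supplied, n) */
        r.bytes_examined++;
        if (stored[i] != supplied[i])
            return r;                 /* exit position leaks the matched prefix length */
    }
    r.match = 1;
    return r;
}

/* Constant-time replacement: loop bound depends only on the caller-visible supplied length;
 * every byte and the length mismatch are OR-folded into one accumulator, so the work done
 * does not depend on where (or whether) the inputs differ. */
struct cmp_result compare_constant_time(const char *stored, const char *supplied)
{
    struct cmp_result r = { 0, 0 };
    size_t slen = strlen(stored), plen = strlen(supplied);
    volatile unsigned char diff = (unsigned char)(slen != plen);
    for (size_t i = 0; i < plen; i++) {
        /* past the end of the stored value, compare the byte with itself (no OOB read) */
        unsigned char a = (i < slen) ? (unsigned char)stored[i] : (unsigned char)supplied[i];
        diff |= (unsigned char)(a ^ (unsigned char)supplied[i]);
        r.bytes_examined++;
    }
    r.match = (diff == 0);
    return r;
}

int main(void)
{
    const char *guesses[] = { "abc", "xunter2", "hunter3", "hunter2" };  /* constructed */
    for (size_t i = 0; i < 4; i++) {  /* "hunter2" is a constructed sample secret */
        struct cmp_result e = compare_early_exit("hunter2", guesses[i]);
        struct cmp_result c = compare_constant_time("hunter2", guesses[i]);
        printf("%-8s early-exit work=%zu match=%d | constant-time work=%zu match=%d\n",
               guesses[i], e.bytes_examined, e.match, c.bytes_examined, c.match);
    }
    return 0;
}
```

The early-exit column shows work rising with each correct prefix byte, while the constant-time column is flat for every guess of the same length.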

Defensive priority

MEDIUM

Recommended defensive actions

  • Update Linux-PAM to a version that fixes the vulnerability.
  • Configure pam_userdb with a secure crypt= method rather than crypt=none, an unrecognized method, or no crypt= argument.
  • Where the module cannot be updated or reconfigured, move the affected service to an authentication mechanism that is not exposed to this timing leak.

Evidence notes

The vulnerability is confirmed by the CVE record and NVD detail pages.

Official resources

CVE-2026-54411 was published on 2026-06-14T18:17:20.587Z and has not been modified since then.