CVE-2025-24032 highlights a critical security flaw in PAM-PKCS#11, the Linux Pluggable Authentication Module used to let users authenticate with X.509 certificates (smart cards, tokens, etc.). This flaw, quietly present in versions 0.6.0 through 0.6.12 (and likely older), makes it possible for attackers to impersonate users if the default configuration hasn’t been changed.
Let’s go step by step and explain exactly how this works, how you can test for it, and how to fix and mitigate it.
What’s the Vulnerability?
By default, cert_policy is set to none in pam_pkcs11.conf. This tells PAM-PKCS#11 only to map the certificate presented by the token to a user account—not to check that the person logging in actually controls the matching private key!
If an attacker can copy the user's certificate (public), they can put it on their own device and set a PIN of their choice, then log in as the user—without ever possessing the user’s private key.
Why did this Happen?
This behavior comes from the shipped configuration defaulting cert_policy to none; it is finally fixed in this commit, which changes the default to require a signature.
The Requirements
- Access to the user’s public certificate (e.g., exported from a smartcard, or leaked from a directory)
- The system must still have the default cert_policy = none
#### Steps to Reproduce/Exploit
1. Extract the target user’s public certificate. This could be exported by anyone with access to the token, or from organization repositories.
2. Create a new token with your own PIN and load the user’s certificate:

```shell
# Using softhsm2 (software emulated token example)
softhsm2-util --init-token --slot 0 --label "FakeUserToken" --pin 123456 --so-pin 654321
softhsm2-util --import user_cert.pem --slot 0 --label "Target User" --pin 123456
```
Example: Original Vulnerable pam_pkcs11.conf

```
# /etc/pam_pkcs11/pam_pkcs11.conf
cert_policy = none; # <-- Insecure! The default!
# Should be: cert_policy = signature;
```
The docs now warn about this danger.
- Public certificates are often easy to obtain
- This turns the authentication into a simple “do you know a PIN?” check, entirely bypassing private key security
Upgrade to at least 0.6.13 _or_ immediately change your config:

```
# /etc/pam_pkcs11/pam_pkcs11.conf
cert_policy = signature;
```
This forces PAM to require a signature from the private key, rendering this attack impossible.
> Pro-tip: You can also require ocsp (revocation) or chain validation for even more security:
>
> ```
> cert_policy = signature,ocsp,chain;
> ```
Restart the affected services after you make these changes.
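To audit a fleet for this misconfiguration, the check is simply whether the effective cert_policy in pam_pkcs11.conf includes signature and not none. The following audit script is an added example written for this post, not code from the PAM-PKCS#11 project; the two config fragments it checks are constructed samples, and it treats a missing cert_policy line as "unknown" rather than assuming which compiled-in default applies.

```python
import re

# Constructed sample pam_pkcs11.conf fragments (not real files from any system).
VULNERABLE_CONF = """
pam_pkcs11 {
  nullok = false;
  cert_policy = none; # <-- the long-standing shipped default
  use_pkcs11_module = opensc;
}
"""

HARDENED_CONF = """
pam_pkcs11 {
  # cert_policy = none;   (old value left commented out)
  cert_policy = signature,ocsp,chain;
}
"""

# Matches "cert_policy = a,b,c;" after comments have been stripped from the line.
_CERT_POLICY = re.compile(r"^\s*cert_policy\s*=\s*([^;#]*)\s*;")


def parse_cert_policy(conf_text):
    """Return the list of cert_policy flags, or None if the directive is absent.
    '#' comments are stripped first so commented-out lines do not count."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]
        m = _CERT_POLICY.match(line)
        if m:
            return [f.strip() for f in m.group(1).split(",") if f.strip()]
    return None


def assess(conf_text):
    """Classify a config: 'secure' only when a private-key signature is required
    and 'none' is not present; 'unknown' if cert_policy is not set at all."""
    flags = parse_cert_policy(conf_text)
    if flags is None:
        return "unknown", "cert_policy not set; check the installed version's default"
    shown = "cert_policy = " + ",".join(flags)
    if "signature" in flags and "none" not in flags:
        return "secure", shown
    return "vulnerable", shown


if __name__ == "__main__":
    for name, conf in (("vulnerable", VULNERABLE_CONF), ("hardened", HARDENED_CONF)):
        verdict, detail = assess(conf)
        print(f"{name}: {verdict} ({detail})")
```

Point assess() at the contents of /etc/pam_pkcs11/pam_pkcs11.conf on each host to get a one-line verdict per machine.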
References
- GitHub Issue
- Security Commit Fix
- pam_pkcs11.conf documentation
- Debian Security Tracker Entry
Conclusion
CVE-2025-24032 is a dangerous but easy-to-fix configuration vulnerability living in default settings for years. If you use certificate-based logins via PAM-PKCS#11, check your configuration immediately—make sure cert_policy requires a private key signature!
If left unfixed, any attacker with access to public user certificates and the ability to craft a token can gain full access as your users, completely undermining your Linux authentication security. Patch, reconfigure, and mitigate fast!
Did this help? Share this with your sysadmin friends—most Linux setups still use the default “cert_policy = none”!
Timeline
Published on: 02/10/2025 16:15:39 UTC
Last modified on: 05/21/2025 16:15:30 UTC