Package: libpam-u2f
Version: 1.1.0-1.1+deb12u1
Severity: normal

Dear Maintainer,

While fixing CVE-2025-23013, it seems that the functionality of the 'nouserok'
flag in the code has been deleted:

https://salsa.debian.org/auth-team/pam-u2f/-/commit/8c0c9867ce83325712e801f635505138840559a6#0ccf1a1953f68dff217424f8b4e807455b2c0387_0_52

Expected behaviour is that the nouserok flag still works in the Debian/bookworm
libpam-u2f package version.
In upstream Debian/Trixie libpam-u2f:1.3.2-1, the functionality of the nouserok
flag works.

A possible pam-configuration that we currently use looks like this.
-- >8 --
user@host:~$ cat /usr/share/pam-configs/dummy-u2f-pam-config-nouserok
Name: u2f authentication using pam-u2f (nouserok)
Default: no
Priority: 384
Auth-Type: Additional
Auth:
    required        pam_u2f.so authfile=/etc/u2f_mappings nouserok
Auth-Initial:
    required        pam_u2f.so authfile=/etc/u2f_mappings nouserok
-- >8 --



Best,
 Janek


-- System Information:
Debian Release: 13.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf, arm64

Kernel: Linux 6.12.27-amd64 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libpam-u2f depends on:
ii  libc6       2.41-7
ii  libfido2-1  1.15.0-1+b1
ii  libpam0g    1.7.0-3
ii  libssl3t64  3.5.0-1

Versions of packages libpam-u2f recommends:
pn  pamu2fcfg  <none>

libpam-u2f suggests no packages.
