CVE-2020-24612 : Vulnerability Insights and Analysis
Discover the impact of CVE-2020-24612 in the selinux-policy package, allowing attackers to bypass 2FA. Learn about affected systems, exploitation, and mitigation steps.
An issue in the selinux-policy package allows bypassing 2FA by mishandling the .config/Yubico directory.
Understanding CVE-2020-24612
This CVE involves a vulnerability in the selinux-policy package that impacts the handling of the .config/Yubico directory, potentially enabling attackers to bypass two-factor authentication (2FA).
What is CVE-2020-24612?
The vulnerability in selinux-policy (Reference Policy) version 3.14 through 2020-08-24 allows unauthorized access by disabling the second factor of authentication when SELinux is in enforced mode.
The Impact of CVE-2020-24612
The vulnerability poses a medium severity risk with high confidentiality and integrity impacts. An attacker with knowledge of the password can exploit this to bypass 2FA.
Technical Details of CVE-2020-24612
This section delves into the technical aspects of the CVE.
Vulnerability Description
The mishandling of the .config/Yubico directory in selinux-policy leads to the disabling of the second factor of authentication, allowing password-only access.
Affected Systems and Versions
- Package: selinux-policy (Reference Policy)
- Versions: 3.14 through 2020-08-24
Exploitation Mechanism
- Attack Complexity: High
- Attack Vector: Local
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Vector String: CVSS:3.1/AC:H/AV:L/A:N/C:H/I:H/PR:N/S:U/UI:N
Mitigation and Prevention
Protect systems from CVE-2020-24612 with the following measures.
Immediate Steps to Take
- Update selinux-policy to a patched version.
- Monitor system logs for any suspicious activity.
Long-Term Security Practices
- Implement multi-factor authentication beyond 2FA.
- Regularly review and update SELinux policies.
Patching and Updates
- Apply patches provided by the vendor promptly.