A vulnerability in pam_usb prior to version 0.9.0 allows authentication bypass through the deny_remote feature. The issue stems from incomplete IPv6 address checking in the utmpx ut_addr_v6 field, where only the first 32-bit word is tested. IPv4-mapped IPv6 addresses store the actual IPv4 address in ut_addr_v6[3] while ut_addr_v6[0] remains 0, causing remote sessions to be incorrectly treated as local. This affects systems where SSH daemon listens on IPv6 wildcard with AddressFamily any, common on Ubuntu and Debian. Attackers with physical access to a registered USB device can authenticate over SSH as if sitting at a local terminal, completely bypassing deny_remote restrictions.