pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, the pusb_pad_compare() function in src/pad.c only verified th…

A vulnerability in pam_usb prior to version 0.9.0 allows local users to bypass USB device authentication requirements. The pusb_pad_compare() function in src/pad.c fails to properly verify both user-side and system-side pad files. When the user-side pad file (~/.pamusb/device.pad) is missing or unreadable, the function returns a failure that is treated as non-fatal in certain code paths. This allows authentication to succeed without the USB device being present. A local attacker can exploit this by simply deleting their own ~/.pamusb/device.pad file to remove the USB device requirement and authenticate without the physical device.