{"id":"CVE-2024-37408","details":"fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by \"auth sufficient pam_fprintd.so\" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pam_fprintd.so to front-ends that implement a proper attention mechanism, not modifying pam_fprintd.so or fprintd.","modified":"2026-04-02T12:16:41.348352Z","published":"2024-06-08T14:15:11.307Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/06/14/3"},{"type":"WEB","url":"https://gitlab.freedesktop.org/libfprint/fprintd/-/releases"},{"type":"WEB","url":"https://lists.freedesktop.org/archives/fprint/2024-May/001231.html"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2024/05/30/3"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2024/06/13/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/06/13/3"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/06/14/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/06/14/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/libfprint/fprintd","events":[{"introduced":"0"},{"last_affected":"2cf0650dd4f832aaba400dd4f7f73269f6cd185e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.94.3"}]}}],"versions":["1.90.1","V_0_2_0","V_0_4_0","V_0_4_1","V_0_5_0","V_0_5_1","V_0_6_0","V_0_7_0","V_0_8_0","V_0_8_1","V_0_9_0","v1.90.4","v1.90.5","v1.90.6","v1.90.7","v1.90.8","v1.90.9","v1.92.0","v1.94.0","v1.94.1","v1.94.2","v1.94.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-37408.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}]}