keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation2 reference(s) from NVD