In check_user_token in util.c in the Yubico PAM module 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure and/or DoS .