Filtered by vendor Yubico
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9275 | 1 Yubico | 1 Yubico Pam | 2024-09-17 | N/A |
| In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors). | ||||
| CVE-2024-45678 | 1 Yubico | 36 Security Key C Nfc By Yubico, Security Key C Nfc By Yubico Firmware, Security Key Nfc By Yubico and 33 more | 2024-09-12 | 4.2 Medium |
| Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected. | ||||
| CVE-2011-4120 | 3 Debian, Linux, Yubico | 3 Debian Linux, Linux Kernel, Pam Module | 2024-08-07 | 9.8 Critical |
| Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the account in question by providing a NULL value (pressing Ctrl-D keyboard sequence) as the password string. | ||||
| CVE-2015-3298 | 1 Yubico | 1 Ykneo-openpgp | 2024-08-06 | 8.8 High |
| Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated. | ||||
| CVE-2018-20340 | 2 Debian, Yubico | 2 Debian Linux, Libu2f-host | 2024-08-05 | N/A |
| Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey. | ||||
| CVE-2018-14780 | 1 Yubico | 3 Piv Manager, Piv Tool, Smart Card Minidriver | 2024-08-05 | N/A |
| An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer. | ||||
| CVE-2018-14779 | 1 Yubico | 3 Piv Manager, Piv Tool, Smart Card Minidriver | 2024-08-05 | N/A |
| A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard. | ||||
| CVE-2019-12210 | 1 Yubico | 1 Pam-u2f | 2024-08-04 | N/A |
| In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it. This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation. | ||||
| CVE-2019-12209 | 1 Yubico | 1 Pam-u2f | 2024-08-04 | N/A |
| Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information. | ||||
| CVE-2019-9578 | 1 Yubico | 1 Libu2f-host | 2024-08-04 | N/A |
| In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device. | ||||
| CVE-2020-24388 | 2 Fedoraproject, Yubico | 2 Fedora, Yubihsm-shell | 2024-08-04 | 7.5 High |
| An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service. | ||||
| CVE-2020-24387 | 2 Fedoraproject, Yubico | 2 Fedora, Yubihsm-shell | 2024-08-04 | 7.5 High |
| An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack. | ||||
| CVE-2020-15001 | 1 Yubico | 2 Yubikey 5 Nfc, Yubikey 5 Nfc Firmware | 2024-08-04 | 5.3 Medium |
| An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when updating NFC specific components of the OTP configurations. This may allow an attacker to access configured OTPs and passwords stored in slots that were not configured by the user to be read over NFC, despite a user having set an access code. (Users who have not set an access code, or who have not configured the OTP slots, are not impacted by this issue.) | ||||
| CVE-2020-15000 | 1 Yubico | 2 Yubikey 5 Nfc, Yubikey 5 Nfc Firmware | 2024-08-04 | 5.9 Medium |
| A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but it is disabled by default. A flaw in the implementation of OpenPGP sets the Reset Code to a known value upon initialization. If the retry counter for the Reset Code is set to non-zero without changing the Reset Code, this known value can be used to reset the User PIN. To set the retry counters, the Admin PIN is required. | ||||
| CVE-2020-13132 | 1 Yubico | 3 Libykpiv, Piv Tool Manager, Yubikey Smart Card Minidriver | 2024-08-04 | 4.6 Medium |
| An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_generate_key() function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack. | ||||
| CVE-2020-13131 | 1 Yubico | 3 Libykpiv, Piv Tool Manager, Yubikey Smart Card Minidriver | 2024-08-04 | 4.3 Medium |
| An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will cause stack memory to be copied into heap allocated memory that gets returned to the caller. The leaked memory could include PINs, passwords, key material, and other sensitive information depending on the integration. During further processing by the caller, this information could leak across trust boundaries. Note that RSA key generation is triggered by the host and cannot directly be triggered by the token. | ||||
| CVE-2020-10185 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2024-08-04 | 8.6 High |
| The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud. | ||||
| CVE-2020-10184 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2024-08-04 | 7.5 High |
| The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud. | ||||
| CVE-2021-43399 | 1 Yubico | 1 Yubihsm 2 Software Development Kit | 2024-08-04 | 7.5 High |
| The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device. | ||||
| CVE-2021-32489 | 1 Yubico | 1 Yubihsm-shell | 2024-08-03 | 4.4 Medium |
| An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers an integer overflow, which causes CRYPTO_cbc128_decrypt (in OpenSSL) to encounter an undersized buffer and experience a segmentation fault. The yubihsm-shell project is included in the YubiHSM 2 SDK product. | ||||