Filtered by vendor Yubico
Subscriptions
Filtered by product Yubikey One Time Password Validation Server
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10185 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2024-08-04 | 8.6 High |
| The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud. | ||||
| CVE-2020-10184 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2024-08-04 | 7.5 High |
| The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud. | ||||
Page 1 of 1.