CVE-2024-45678 - OpenCVE

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Yubico	Security Key C Nfc By Yubico Security Key C Nfc By Yubico Firmware Security Key Nfc By Yubico Security Key Nfc By Yubico Firmware Yubihsm 2 Yubihsm 2 Fips Yubihsm 2 Fips Firmware Yubihsm 2 Firmware Yubikey 5 Nano Yubikey 5 Nano Fips Yubikey 5 Nano Fips Firmware Yubikey 5 Nano Firmware Yubikey 5 Nfc Yubikey 5 Nfc Fips Yubikey 5 Nfc Fips Firmware Yubikey 5 Nfc Firmware Yubikey 5c Yubikey 5c Fips Yubikey 5c Fips Firmware Yubikey 5c Firmware Yubikey 5c Nano Yubikey 5c Nano Fips Yubikey 5c Nano Fips Firmware Yubikey 5c Nano Firmware Yubikey 5c Nfc Yubikey 5c Nfc Fips Yubikey 5c Nfc Fips Firmware Yubikey 5c Nfc Firmware Yubikey 5ci Yubikey 5ci Fips Yubikey 5ci Fips Firmware Yubikey 5ci Firmware Yubikey Bio Yubikey Bio Firmware Yubikey C Bio Yubikey C Bio Firmware

Configuration 1 [-]

AND

cpe:2.3:o:yubico:yubikey_5c_nfc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:yubikey_5c_nfc:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:yubico:yubikey_5_nfc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:yubikey_5_nfc:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:yubico:yubikey_5c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:yubikey_5c:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:yubico:yubikey_5_nano_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:yubikey_5_nano:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:yubico:yubikey_5c_nano_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:yubikey_5c_nano:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:yubico:yubikey_5ci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:yubikey_5ci:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:yubico:yubikey_5_nfc_fips_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:yubikey_5_nfc_fips:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:yubico:yubikey_5c_nfc_fips_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:yubikey_5c_nfc_fips:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:yubico:yubikey_5c_fips_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:yubikey_5c_fips:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:yubico:yubikey_5_nano_fips_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:yubikey_5_nano_fips:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:yubico:yubikey_5c_nano_fips_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:yubikey_5c_nano_fips:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:yubico:yubikey_5ci_fips_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:yubikey_5ci_fips:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:yubico:yubikey_c_bio_firmware:*:*:*:*:fido:*:*:*

cpe:2.3:h:yubico:yubikey_c_bio:-:*:*:*:fido:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:yubico:yubikey_bio_firmware:*:*:*:*:fido:*:*:*

cpe:2.3:h:yubico:yubikey_bio:-:*:*:*:fido:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:yubico:security_key_nfc_by_yubico_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:security_key_nfc_by_yubico:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:yubico:security_key_c_nfc_by_yubico_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:security_key_c_nfc_by_yubico:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:yubico:yubihsm_2_fips_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:yubihsm_2_fips:2.2:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:yubico:yubihsm_2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yubico:yubihsm_2:2.3.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/
https://news.ycombinator.com/item?id=41434500
https://ninjalab.io/eucleak/
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
https://support.yubico.com/hc/en-us/articles/15705749884444
https://www.yubico.com/support/security-advisories/ysa-2024-03/

History

Thu, 12 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Yubico Yubico security Key C Nfc By Yubico Yubico security Key C Nfc By Yubico Firmware Yubico security Key Nfc By Yubico Yubico security Key Nfc By Yubico Firmware Yubico yubihsm 2 Yubico yubihsm 2 Fips Yubico yubihsm 2 Fips Firmware Yubico yubihsm 2 Firmware Yubico yubikey 5 Nano Yubico yubikey 5 Nano Fips Yubico yubikey 5 Nano Fips Firmware Yubico yubikey 5 Nano Firmware Yubico yubikey 5 Nfc Yubico yubikey 5 Nfc Fips Yubico yubikey 5 Nfc Fips Firmware Yubico yubikey 5 Nfc Firmware Yubico yubikey 5c Yubico yubikey 5c Fips Yubico yubikey 5c Fips Firmware Yubico yubikey 5c Firmware Yubico yubikey 5c Nano Yubico yubikey 5c Nano Fips Yubico yubikey 5c Nano Fips Firmware Yubico yubikey 5c Nano Firmware Yubico yubikey 5c Nfc Yubico yubikey 5c Nfc Fips Yubico yubikey 5c Nfc Fips Firmware Yubico yubikey 5c Nfc Firmware Yubico yubikey 5ci Yubico yubikey 5ci Fips Yubico yubikey 5ci Fips Firmware Yubico yubikey 5ci Firmware Yubico yubikey Bio Yubico yubikey Bio Firmware Yubico yubikey C Bio Yubico yubikey C Bio Firmware
Weaknesses		CWE-203
CPEs		cpe:2.3:h:yubico:security_key_c_nfc_by_yubico:-:::::::* cpe:2.3:h:yubico:security_key_nfc_by_yubico:-:::::::* cpe:2.3:h:yubico:yubihsm_2:2.3.2:::::::* cpe:2.3:h:yubico:yubihsm_2_fips:2.2:::::::* cpe:2.3:h:yubico:yubikey_5_nano:-:::::::* cpe:2.3:h:yubico:yubikey_5_nano_fips:-:::::::* cpe:2.3:h:yubico:yubikey_5_nfc:-:::::::* cpe:2.3:h:yubico:yubikey_5_nfc_fips:-:::::::* cpe:2.3:h:yubico:yubikey_5c:-:::::::* cpe:2.3:h:yubico:yubikey_5c_fips:-:::::::* cpe:2.3:h:yubico:yubikey_5c_nano:-:::::::* cpe:2.3:h:yubico:yubikey_5c_nano_fips:-:::::::* cpe:2.3:h:yubico:yubikey_5c_nfc:-:::::::* cpe:2.3:h:yubico:yubikey_5c_nfc_fips:-:::::::* cpe:2.3:h:yubico:yubikey_5ci:-:::::::* cpe:2.3:h:yubico:yubikey_5ci_fips:-:::::::* cpe:2.3:h:yubico:yubikey_bio:-::::fido::: cpe:2.3:h:yubico:yubikey_c_bio:-::::fido::: cpe:2.3:o:yubico:security_key_c_nfc_by_yubico_firmware:::::::: cpe:2.3:o:yubico:security_key_nfc_by_yubico_firmware:::::::: cpe:2.3:o:yubico:yubihsm_2_fips_firmware:::::::: cpe:2.3:o:yubico:yubihsm_2_firmware:::::::: cpe:2.3:o:yubico:yubikey_5_nano_fips_firmware:::::::: cpe:2.3:o:yubico:yubikey_5_nano_firmware:::::::: cpe:2.3:o:yubico:yubikey_5_nfc_fips_firmware:::::::: cpe:2.3:o:yubico:yubikey_5_nfc_firmware:::::::: cpe:2.3:o:yubico:yubikey_5c_fips_firmware:::::::: cpe:2.3:o:yubico:yubikey_5c_firmware:::::::: cpe:2.3:o:yubico:yubikey_5c_nano_fips_firmware:::::::: cpe:2.3:o:yubico:yubikey_5c_nano_firmware:::::::: cpe:2.3:o:yubico:yubikey_5c_nfc_fips_firmware:::::::: cpe:2.3:o:yubico:yubikey_5c_nfc_firmware:::::::: cpe:2.3:o:yubico:yubikey_5ci_fips_firmware:::::::: cpe:2.3:o:yubico:yubikey_5ci_firmware:::::::: cpe:2.3:o:yubico:yubikey_bio_firmware:::::fido:::* cpe:2.3:o:yubico:yubikey_c_bio_firmware:::::fido:::*
Vendors & Products		Yubico Yubico security Key C Nfc By Yubico Yubico security Key C Nfc By Yubico Firmware Yubico security Key Nfc By Yubico Yubico security Key Nfc By Yubico Firmware Yubico yubihsm 2 Yubico yubihsm 2 Fips Yubico yubihsm 2 Fips Firmware Yubico yubihsm 2 Firmware Yubico yubikey 5 Nano Yubico yubikey 5 Nano Fips Yubico yubikey 5 Nano Fips Firmware Yubico yubikey 5 Nano Firmware Yubico yubikey 5 Nfc Yubico yubikey 5 Nfc Fips Yubico yubikey 5 Nfc Fips Firmware Yubico yubikey 5 Nfc Firmware Yubico yubikey 5c Yubico yubikey 5c Fips Yubico yubikey 5c Fips Firmware Yubico yubikey 5c Firmware Yubico yubikey 5c Nano Yubico yubikey 5c Nano Fips Yubico yubikey 5c Nano Fips Firmware Yubico yubikey 5c Nano Firmware Yubico yubikey 5c Nfc Yubico yubikey 5c Nfc Fips Yubico yubikey 5c Nfc Fips Firmware Yubico yubikey 5c Nfc Firmware Yubico yubikey 5ci Yubico yubikey 5ci Fips Yubico yubikey 5ci Fips Firmware Yubico yubikey 5ci Firmware Yubico yubikey Bio Yubico yubikey Bio Firmware Yubico yubikey C Bio Yubico yubikey C Bio Firmware
Metrics		cvssV3_1 `{'score': 4.2, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Tue, 03 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 03 Sep 2024 19:45:00 +0000

Type	Values Removed	Values Added
Description		Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected.
References		https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/ https://news.ycombinator.com/item?id=41434500 https://ninjalab.io/eucleak/ https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf https://support.yubico.com/hc/en-us/articles/15705749884444 https://www.yubico.com/support/security-advisories/ysa-2024-03/

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-09-03T00:00:00

Updated: 2024-09-03T20:05:20.837Z

Reserved: 2024-09-03T00:00:00

Link: CVE-2024-45678

Vulnrichment

Updated: 2024-09-03T20:05:16.815Z

NVD

Status : Analyzed

Published: 2024-09-03T20:15:08.860

Modified: 2024-09-12T20:07:09.640

Link: CVE-2024-45678

Redhat

No data.

Metrics

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object