Vulnerabilities for 'Yubikey one time password validation server'

2020-03-05
 
CVE-2020-10185

CWE-294
 

 
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud.

 
 
CVE-2020-10184

CWE-89
 

 
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud.

 

Vendor: Yubico (10 products)
Piv manager
Smart card minidriver
Libu2f-host
Pam-u2f
Yubikey one time password validation server
Libykpiv
Piv tool manager
Yubikey smart card minidriver
Yubihsm-shell
Yubihsm connector


Copyright 2021, cxsecurity.com

 
