Vulnerabilities > Yubico

DATE CVE VULNERABILITY TITLE RISK
2024-09-03 CVE-2024-45678 Information Exposure Through Discrepancy vulnerability in Yubico products
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue.
high complexity
yubico CWE-203
4.2
2023-08-14 CVE-2023-39908 Out-of-bounds Read vulnerability in Yubico Yubihsm 2 SDK
The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata.
network
low complexity
yubico CWE-125
7.5
2022-05-11 CVE-2022-24584 Incorrect Authorization vulnerability in Yubico OTP
Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server.
network
low complexity
yubico CWE-863
6.5
2022-03-30 CVE-2015-3298 Improper Verification of Cryptographic Signature vulnerability in Yubico Ykneo-Openpgp 1.0.9
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used.
low complexity
yubico CWE-347
8.8
2021-12-08 CVE-2021-43399 Out-of-bounds Write vulnerability in Yubico Yubihsm 2 Software Development KIT
The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device.
network
low complexity
yubico CWE-787
7.5
2021-05-26 CVE-2021-31924 Improper Authentication vulnerability in multiple products
Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass.
low complexity
yubico fedoraproject CWE-287
6.8
2021-05-10 CVE-2021-32489 Integer Overflow or Wraparound vulnerability in Yubico Yubihsm-Shell
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3.
network
high complexity
yubico CWE-190
4.4
2021-04-14 CVE-2021-28484 Infinite Loop vulnerability in multiple products
An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04).
network
low complexity
yubico fedoraproject CWE-835
7.5
2021-03-04 CVE-2021-27217 Out-of-bounds Read vulnerability in Yubico Yubihsm-Shell
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3.
network
high complexity
yubico CWE-125
4.4
2021-01-07 CVE-2021-3011 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9.
high complexity
yubico nxp ftsafe google CWE-670
4.2