Vulnerabilities > Yubico > Yubikey 5 NFC Firmware

DATE CVE VULNERABILITY TITLE RISK
2024-09-03 CVE-2024-45678 Information Exposure Through Discrepancy vulnerability in Yubico products
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue.
high complexity
yubico CWE-203
4.2
4.2
2020-07-09 CVE-2020-15001 Missing Authorization vulnerability in Yubico Yubikey 5 NFC Firmware
An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1.
high complexity
yubico CWE-862
5.3
5.3
2020-07-09 CVE-2020-15000 Unspecified vulnerability in Yubico Yubikey 5 NFC Firmware 5.2.0/5.2.6
A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6.
network
high complexity
yubico
5.9
5.9