Vulnerabilities > Yubico > Yubikey ONE Time Password Validation Server

DATE CVE VULNERABILITY TITLE RISK
2020-03-05 CVE-2020-10185 Authentication Bypass by Capture-replay vulnerability in Yubico Yubikey ONE Time Password Validation Server
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP.
network
yubico CWE-294
6.8
2020-03-05 CVE-2020-10184 SQL Injection vulnerability in Yubico Yubikey ONE Time Password Validation Server
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection.
network
low complexity
yubico CWE-89
5.0