Vulnerabilities: Yubico Yubikey ONE Time Password Validation Server 2.7

Date: 2020-03-05
CVE: CVE-2020-10185
Vulnerability title: Authentication Bypass by Capture-replay vulnerability in Yubico Yubikey ONE Time Password Validation Server
Description: The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP.
Tags: network; yubico; CWE-294
Risk: 6.8

Date: 2020-03-05
CVE: CVE-2020-10184
Vulnerability title: SQL Injection vulnerability in Yubico Yubikey ONE Time Password Validation Server
Description: The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection.
Tags: network; low complexity; yubico; CWE-89
Risk: 5.0