Vulnerabilities > Yubico > Yubikey ONE Time Password Validation Server > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-05 | CVE-2020-10185 | Authentication Bypass by Capture-replay vulnerability in Yubico Yubikey ONE Time Password Validation Server The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. | 8.6 |
2020-03-05 | CVE-2020-10184 | SQL Injection vulnerability in Yubico Yubikey ONE Time Password Validation Server The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. | 7.5 |