VYPR
Medium severity5.9NVD Advisory· Published Jul 9, 2020· Updated Jun 17, 2026

CVE-2020-15000

CVE-2020-15000

Description

A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but it is disabled by default. A flaw in the implementation of OpenPGP sets the Reset Code to a known value upon initialization. If the retry counter for the Reset Code is set to non-zero without changing the Reset Code, this known value can be used to reset the User PIN. To set the retry counters, the Admin PIN is required.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Yubico/YubiKey 5description
  • Yubico/YubiKeyllm-fuzzy
    Range: 5.2.0-5.2.6

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.