VYPR
Unrated severity · NVD Advisory · Published Sep 3, 2024 · Updated Mar 17, 2025

CVE-2024-45678

Description

YubiKey 5 and YubiHSM 2 devices with vulnerable firmware allow physical attackers to extract ECDSA private keys via electromagnetic side-channel attack (EUCLEAK).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The vulnerability (EUCLEAK) is a side-channel flaw in the Infineon cryptographic library used in YubiKey 5 Series (firmware versions prior to 5.7.0), YubiHSM 2 (firmware prior to 2.4.0), and other Infineon security microcontrollers (e.g., SLE78, Optiga Trust M, Optiga TPM) [2][4]. The root cause is a non-constant-time modular inversion in the Extended Euclidean Algorithm during ECDSA signature generation, which leaks secret key material through electromagnetic emanations [4]. Affected Yubico products include all YubiKey 5 Series, Security Key Series, and YubiHSM 2 with firmware below the fixed versions [2].

Exploitation

An attacker must have physical possession of the device, specialized electromagnetic probing equipment, and knowledge of the target accounts (e.g., username, PIN, password) [2][3]. The attack involves disassembling the device, placing a probe near the secure element, and capturing a few minutes of electromagnetic side-channel signals during ECDSA operations [4]. The attacker then extracts the ECDSA private key from the captured traces [4]. No user interaction is required beyond the attacker's physical access.

Impact

Successful extraction of the ECDSA private key allows the attacker to clone the FIDO device, bypassing two-factor authentication for any accounts registered with that key [3][4]. The impact extends beyond Yubico: the same vulnerability affects Infineon-based TPMs, smartcards (including e-passports, EMV chips), and cryptocurrency hardware wallets [1][4]. The confidentiality of private keys is compromised, and the integrity of authentication systems relying on those keys is broken.

Mitigation

Yubico released fixed firmware versions: YubiKey 5 Series firmware 5.7.0 (May 2024), YubiKey Bio Series 5.7.2, Security Key Series 5.7.0, and YubiHSM 2 firmware 2.4.0 [2]. Firmware updates are not possible on existing YubiKey devices; affected units must be replaced [3]. Yubico removed the Infineon cryptographic library in favor of a custom library [2]. For other Infineon-based devices, users should contact the respective vendors for patches or replacements [4]. No workaround exists for unpatched devices. The vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 3

Patches: 0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Non-constant-time modular inversion in the Extended Euclidean Algorithm used for ECDSA operations, creating an electromagnetic side channel that leaks secret key material."

Attack vector

An attacker with physical access to the device must disassemble it and use expensive electromagnetic side-channel equipment to capture leakage during an ECDSA signature operation [ref_id=1]. The non-constant-time modular inversion in the Infineon cryptographic library creates measurable timing variations in the electromagnetic field that correlate with secret-key bits [ref_id=1]. The attacker also needs the victim's username and password to complete the authentication, and must reassemble the device afterward to avoid detection [ref_id=1].

Affected code

The advisory does not specify exact function or file names. The vulnerability resides in the modular inversion routine of the Extended Euclidean Algorithm within the Infineon cryptographic library used by YubiKey 5 Series (firmware before 5.7.0) and YubiHSM 2 (firmware before 2.4.0) [ref_id=1].

What the fix does

The advisory does not include a patch diff, but Yubico addressed the issue by releasing firmware 5.7.0 for YubiKey 5 Series and firmware 2.4.0 for YubiHSM 2 [ref_id=1]. The fix replaces the non-constant-time modular inversion with a constant-time implementation, eliminating the electromagnetic side-channel leakage that enabled the EUCLEAK attack [ref_id=1]. All versions of the Infineon cryptographic library are believed to be affected, so other vendors using the same library must also deploy their own fixes [ref_id=1].
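To make the root cause described under "Vulnerability" and the fix class described here concrete, the following is an added illustration, not code from the advisory, from Yubico, or from the Infineon library (which is not public). It places a plain extended Euclidean inversion, whose loop count is a function of the secret operand, beside a Fermat-style inversion driven by a Montgomery ladder, whose operation schedule depends only on the public group order. The P-256 group order is the real constant; the sample operands are constructed. Python big-integer arithmetic is not itself constant-time, so the code demonstrates the algorithmic data dependence a probe can observe, not a hardened implementation.

```python
"""Data-dependent versus fixed-schedule modular inversion.

Added example, not code from the advisory, Yubico or Infineon.  Python
integers are not constant-time; what is shown is the *algorithmic*
dependence of the operation count on the secret operand.
"""

# Group order n of NIST P-256: the public modulus ECDSA inverts under.
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def inverse_eea(a: int, n: int) -> tuple[int, int]:
    """Extended Euclidean algorithm: returns (a^-1 mod n, loop iterations).

    The loop runs until the remainder reaches zero, so the number of
    iterations and the sequence of multi-precision divisions are a
    function of the secret operand a.  That is the flaw class the advisory
    describes: every operand produces its own operation trace.
    """
    r_prev, r = n, a % n
    t_prev, t = 0, 1
    steps = 0
    while r != 0:
        q = r_prev // r
        r_prev, r = r, r_prev - q * r
        t_prev, t = t, t_prev - q * t
        steps += 1
    if r_prev != 1:
        raise ValueError("operand is not invertible modulo n")
    return t_prev % n, steps


def inverse_fermat_ladder(a: int, n: int) -> tuple[int, int]:
    """a^(n-2) mod n via a Montgomery ladder: returns (a^-1 mod n, operations).

    Requires n prime (true for the P-256 order).  The exponent n-2 is
    public, and the ladder performs exactly one multiplication and one
    squaring per exponent bit on both branches, so the operation
    schedule is identical for every secret operand a.
    """
    exp = n - 2
    r0, r1 = 1, a % n
    ops = 0
    for bit in reversed(range(exp.bit_length())):
        if (exp >> bit) & 1:
            r0, r1 = (r0 * r1) % n, (r1 * r1) % n
        else:
            r1, r0 = (r0 * r1) % n, (r0 * r0) % n
        ops += 2
    return r0, ops


def iteration_spread(n: int, samples: list[int]) -> tuple[set[int], set[int]]:
    """Distinct operation counts each routine produces over the sample operands."""
    eea_counts = {inverse_eea(a, n)[1] for a in samples}
    ladder_counts = {inverse_fermat_ladder(a, n)[1] for a in samples}
    return eea_counts, ladder_counts


if __name__ == "__main__":
    # Constructed sample operands: a few extreme values plus mid-range ones.
    samples = [1, 2, 3, 0x12345678, (1 << 200) + 12345,
               P256_ORDER // 3, P256_ORDER - 1]
    for a in samples:
        inv, steps = inverse_eea(a, P256_ORDER)
        assert (a * inv) % P256_ORDER == 1
        assert inverse_fermat_ladder(a, P256_ORDER)[0] == inv
        print(f"EEA a=0x{a:x}: {steps} iterations")
    eea_counts, ladder_counts = iteration_spread(P256_ORDER, samples)
    print("distinct EEA iteration counts:   ", sorted(eea_counts))
    print("distinct ladder operation counts:", sorted(ladder_counts))
```

Running it prints a different Euclidean iteration count for different operands and exactly 512 ladder operations (two per exponent bit) for every operand. A fixed schedule is only the first half of a constant-time fix in firmware: each multiplication and reduction in that schedule must itself be free of secret-dependent branches, early exits and memory access patterns, which the ladder structure alone does not guarantee.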

Preconditions

  • network: Attacker must be able to observe the device during an ECDSA signature operation.
  • auth: Attacker needs the victim's username and password to trigger the ECDSA operation.
  • input: Attacker must have physical possession of the target YubiKey or YubiHSM device.

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 6

News mentions: 0

No linked articles in our index yet.