VYPR

YubiKey Validation Server

by Yubico

CVEs (3)

  • CVE-2020-10185 (High), Mar 5, 2020
    risk 0.56, cvss 8.6, epss 0.01

    The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool;…

  • CVE-2020-10184 (High), Mar 5, 2020
    risk 0.49, cvss 7.5, epss 0.01

    The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP…

  • CVE-2022-24584 (Medium), May 11, 2022
    risk 0.42, cvss 6.5, epss 0.01

    Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by "writing" it on a token…