YubiKey Validation Server
by Yubico
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-10185 | Hig | 0.56 | 8.6 | 0.01 | Mar 5, 2020 | The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool;… | ||
| CVE-2020-10184 | Hig | 0.49 | 7.5 | 0.01 | Mar 5, 2020 | The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP… | ||
| CVE-2022-24584 | Med | 0.42 | 6.5 | 0.01 | May 11, 2022 | Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by "writing" it on a token… |
- risk 0.56cvss 8.6epss 0.01
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool;…
- risk 0.49cvss 7.5epss 0.01
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP…
- risk 0.42cvss 6.5epss 0.01
Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by "writing" it on a token…