Yubico ykneo-openpgp is an open source security product from the Swedish company Yubico. It implements the OpenPGP card functionality used on YubiKey NEO devices sold by Yubico. A data forgery issue vulnerability exists in versions prior to Yubico ykneo-openpgp 1.0.10. The vulnerability stems from a spelling error in versions prior to Yubico ykneo-openpgp 1.0.10 that can be used with an invalid PIN. a signature is issued on first power-up, even if the PIN has not been verified. An attacker could use this vulnerability to obtain sensitive information.