Lucene search

[email protected]NVD:CVE-2024-45678

HistorySep 03, 2024 - 8:15 p.m.

CVE-2024-45678

2024-09-0320:15:08

CWE-203

[email protected]

web.nvd.nist.gov

yubico

yubikey

yubihsm

firmware before 5.7.0

firmware before 2.4.0

ecdsa secret-key extraction

physical access

expensive equipment

electromagnetic side channel

non-constant-time

modular inversion

extended euclidean algorithm

eucleak issue

infineon cryptographic library

vulnerability

CVSS3

4.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

36.1%

JSON

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected.

Affected configurations

Nvd

Node

yubicoyubikey_5c_nfc_firmwareRange<5.7

AND

yubicoyubikey_5c_nfcMatch-

Node

yubicoyubikey_5_nfc_firmwareRange<5.7

AND

yubicoyubikey_5_nfcMatch-

Node

yubicoyubikey_5c_firmwareRange<5.7

AND

yubicoyubikey_5cMatch-

Node

yubicoyubikey_5_nano_firmwareRange<5.7

AND

yubicoyubikey_5_nanoMatch-

Node

yubicoyubikey_5c_nano_firmwareRange<5.7

AND

yubicoyubikey_5c_nanoMatch-

Node

yubicoyubikey_5ci_firmwareRange<5.7

AND

yubicoyubikey_5ciMatch-

Node

yubicoyubikey_5_nfc_fips_firmwareRange<5.7

AND

yubicoyubikey_5_nfc_fipsMatch-

Node

yubicoyubikey_5c_nfc_fips_firmwareRange<5.7

AND

yubicoyubikey_5c_nfc_fipsMatch-

Node

yubicoyubikey_5c_fips_firmwareRange<5.7

AND

yubicoyubikey_5c_fipsMatch-

Node

yubicoyubikey_5_nano_fips_firmwareRange<5.7

AND

yubicoyubikey_5_nano_fipsMatch-

Node

yubicoyubikey_5c_nano_fips_firmwareRange<5.7

AND

yubicoyubikey_5c_nano_fipsMatch-

Node

yubicoyubikey_5ci_fips_firmwareRange<5.7

AND

yubicoyubikey_5ci_fipsMatch-

Node

yubicoyubikey_c_bio_firmwareRange<5.7.2fido

AND

yubicoyubikey_c_bioMatch-fido

Node

yubicoyubikey_bio_firmwareRange<5.7.2fido

AND

yubicoyubikey_bioMatch-fido

Node

yubicosecurity_key_nfc_by_yubico_firmwareRange<5.7

AND

yubicosecurity_key_nfc_by_yubicoMatch-

Node

yubicosecurity_key_c_nfc_by_yubico_firmwareRange<5.7

AND

yubicosecurity_key_c_nfc_by_yubicoMatch-

Node

yubicoyubihsm_2_fips_firmwareRange<2.4.0

AND

yubicoyubihsm_2_fipsMatch2.2

Node

yubicoyubihsm_2_firmwareRange<2.4.0

AND

yubicoyubihsm_2Match2.3.2

VendorProductVersionCPE
yubicoyubikey_5c_nfc_firmware*cpe:2.3:o:yubico:yubikey_5c_nfc_firmware:*:*:*:*:*:*:*:*
yubicoyubikey_5c_nfc-cpe:2.3:h:yubico:yubikey_5c_nfc:-:*:*:*:*:*:*:*
yubicoyubikey_5_nfc_firmware*cpe:2.3:o:yubico:yubikey_5_nfc_firmware:*:*:*:*:*:*:*:*
yubicoyubikey_5_nfc-cpe:2.3:h:yubico:yubikey_5_nfc:-:*:*:*:*:*:*:*
yubicoyubikey_5c_firmware*cpe:2.3:o:yubico:yubikey_5c_firmware:*:*:*:*:*:*:*:*
yubicoyubikey_5c-cpe:2.3:h:yubico:yubikey_5c:-:*:*:*:*:*:*:*
yubicoyubikey_5_nano_firmware*cpe:2.3:o:yubico:yubikey_5_nano_firmware:*:*:*:*:*:*:*:*
yubicoyubikey_5_nano-cpe:2.3:h:yubico:yubikey_5_nano:-:*:*:*:*:*:*:*
yubicoyubikey_5c_nano_firmware*cpe:2.3:o:yubico:yubikey_5c_nano_firmware:*:*:*:*:*:*:*:*
yubicoyubikey_5c_nano-cpe:2.3:h:yubico:yubikey_5c_nano:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yubico	yubikey_5c_nfc_firmware	*	cpe:2.3:o:yubico:yubikey_5c_nfc_firmware::::::::
yubico	yubikey_5c_nfc	-	cpe:2.3:h:yubico:yubikey_5c_nfc:-:::::::*
yubico	yubikey_5_nfc_firmware	*	cpe:2.3:o:yubico:yubikey_5_nfc_firmware::::::::
yubico	yubikey_5_nfc	-	cpe:2.3:h:yubico:yubikey_5_nfc:-:::::::*
yubico	yubikey_5c_firmware	*	cpe:2.3:o:yubico:yubikey_5c_firmware::::::::
yubico	yubikey_5c	-	cpe:2.3:h:yubico:yubikey_5c:-:::::::*
yubico	yubikey_5_nano_firmware	*	cpe:2.3:o:yubico:yubikey_5_nano_firmware::::::::
yubico	yubikey_5_nano	-	cpe:2.3:h:yubico:yubikey_5_nano:-:::::::*
yubico	yubikey_5c_nano_firmware	*	cpe:2.3:o:yubico:yubikey_5c_nano_firmware::::::::
yubico	yubikey_5c_nano	-	cpe:2.3:h:yubico:yubikey_5c_nano:-:::::::*

Rows per page:

1-10 of 361

References

arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

news.ycombinator.com/item?id=41434500

ninjalab.io/eucleak/

ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf

support.yubico.com/hc/en-us/articles/15705749884444

www.yubico.com/support/security-advisories/ysa-2024-03/

CVSS3

4.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

36.1%

JSON

Related for NVD:CVE-2024-45678

thn1 vulnrichment1 cvelist1 cve1