192 matches found
A buffer vulnerability in the dev.c software for working with YubiKey security keys allows an attacker to execute arbitrary code.
The buffer vulnerability in the dev.c software for working with YubiKey security keys stems from operations performed beyond the boundaries of a memory buffer. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Fedora Update for pam-u2f FEDORA-2019-cd8f4b9568
The remote host is missing an update for the... Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 29 Update: pam-u2f-1.0.8-1.fc29
The PAM U2F module provides an easy way to integrate the Yubikey or other U2F-compliant authenticators into your existing user authentication infrastructure...
Yubico Security Keys with a Crypto Flaw
Wow, is this an embarrassing bug: Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness ...
Fedora Update for pam-u2f FEDORA-2019-b6d3c8b0a8
The remote host is missing an update for the... Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 30 Update: pam-u2f-1.0.8-1.fc30
The PAM U2F module provides an easy way to integrate the Yubikey or other U2F-compliant authenticators into your existing user authentication infrastructure...
CVE-2018-20340
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is...
Security advisory YSA-2019-02 | Yubico
Who should read this advisory? Customers, IT Managers, or FIPS Crypto Officers who use or manage YubiKey FIPS Series devices. An issue exists in YubiKey FIPS Series devices, versions 4.4.2 and 4.4.4 (please note, there is no released firmware version 4.4.3), where the first set of random values...
Security advisory YSA-2019-01 | Yubico
Yubico library libu2f-host prior to version 1.1.7 contains an unchecked buffer, which could allow a buffer overflow. Libu2f-host is a library that implements the host party of the U2F protocol. This issue can allow an attacker with a custom made malicious USB device masquerading as a security key...
A YubiKey for iOS Will Soon Free Your iPhone From Passwords
Yubico has finally gotten the green light from Apple to make a hardware authentication token that works on iPhones and iPads...
The Series 5 YubiKey Will Help Kill the Password
The latest batch of hardware-based tokens from Yubico will eventually let you skip the password altogether...
Touch-to-operate password-store with YubiKey 4
There are dozens of tutorials on how to fight GnuPG to use YubiKeys for everything, but my favorite overlooked feature of the YubiKey 4 is "touch to operate", where each cryptographic operation takes a physical touch of the gold surface. That pairs particularly well with password-store, a PGP...
[SECURITY] Fedora 28 Update: yubico-piv-tool-1.6.0-1.fc28
The Yubico PIV tool is used for interacting with the Privilege and Identification Card (PIV) applet on a YubiKey NEO. With it you may generate keys on the device, import keys and certificates, create certificate requests, and perform other operations. A shared library and a command-line tool is...
[SECURITY] Fedora 27 Update: yubico-piv-tool-1.6.0-1.fc27
The Yubico PIV tool is used for interacting with the Privilege and Identification Card (PIV) applet on a YubiKey NEO. With it you may generate keys on the device, import keys and certificates, create certificate requests, and perform other operations. A shared library and a command-line tool is...
Yubico 0.1.9 libykneomgr Out Of Bounds Read / Write Vulnerability
Yubico version 0.1.9 libykneomgr suffers from out of bounds read and write vulnerabilities. Multiple Vulnerabilities in Yubico libykneomgr. Overview: Confirmed Affected Versions: 0.1.9; Confirmed Patched Versions: -; Vendor: Yubico / Depreciat...
Security advisory YSA-2018-03 | Yubico
Eric Sesterhenn of X41 D-Sec notified Yubico of a security issue in libykpiv, a supporting library of the Yubico PIV Tool, YubiKey PIV Manager, and Yubikey Smart Card Minidriver. This issue can allow an attacker with a custom made malicious USB device masquerading as a YubiKey, and physical acces...
Security advisory YSA-2018-01 | Yubico
Oscar Mira and Roi Martin from the Schibsted security team informed us of a security issue in the OATH (Initiative for Open Authentication) applet on the YubiKey NEO. The YubiKey OATH applet is used to generate time-based one-time password (TOTP) and HMAC-based one-time password (HOTP) codes that are...
What You Need To Know About The "ROCA" vulnerability
By Daniel Franke, Infosec Researcher. Akamai is aware of the recently-disclosed "ROCA" vulnerability in cryptographic firmware used in products made by Infineon Technologies. A bug in the firmware's prime-search algorithm used for RSA key generation results in RSA keys that are relatively cheap an...
CVE-2017-15361
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various...