[SECURITY] Fedora 39 Update: rust-yubibomb-0.2.14-3.fc39

Don't you love when you accidentally tap your Yubikey when you have your IRC client in focus and you send 987947 into Libera? Want to be able to have that experience without having to reach all the way over to your laptop's USB port? Now you can!...

[SECURITY] Fedora 39 Update: rust-ybaas-0.0.17-3.fc39

Don't you love when you accidentally tap your Yubikey when you have your IRC client in focus and you send 987947 into Libera? Want to be able to have that experience without having to reach all the way over to your laptop's USB port? Don't want the complexity of installing and using the yubibomb...

CVE-2024-35311

Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control...

CVE-2024-35311

CVE-2024-35311 affects Yubico YubiKey 5 Series <5.7.0, Security Key Series <5.7.0, YubiKey Bio Series <5.6.4, and YubiKey 5 FIPS

CVE-2024-35311

Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control...

PT-2024-26428 · Yubico · Yubico Security Key Series +3

Name of the Vulnerable Software and Affected Versions: Yubico YubiKey 5 Series versions 5.0.0 through 5.6.x Yubico Security Key Series versions 5.0.0 through 5.6.x Yubico YubiKey Bio Series versions 5.0.0 through 5.6.3 Yubico YubiKey 5 FIPS versions 5.0.0 through 5.7.1 Description: The issue is...

Yubico YubiKey 5 安全漏洞

Yubico YubiKey 5 is a multi-protocol security secret key device from the Swedish company Yubico. A security vulnerability exists in Yubico YubiKey prior to 5.7.0, Security Key prior to 5.7.0, YubiKey Bio prior to 5.6.4, and YubiKey 5 FIPS prior to 5.7.2, which stems from faulty access control, an...

Fedora: Security Advisory for rust-ybaas (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: rust-yubibomb-0.2.14-3.fc40

Don't you love when you accidentally tap your Yubikey when you have your IRC client in focus and you send 987947 into Libera? Want to be able to have that experience without having to reach all the way over to your laptop's USB port? Now you can!...

[SECURITY] Fedora 40 Update: rust-ybaas-0.0.17-3.fc40

Don't you love when you accidentally tap your Yubikey when you have your IRC client in focus and you send 987947 into Libera? Want to be able to have that experience without having to reach all the way over to your laptop's USB port? Don't want the complexity of installing and using the yubibomb...

CVE-2024-31498

Yubico ykman-gui aka YubiKey Manager GUI before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator...

CVE-2024-31498

Yubico YubiKey Manager GUI (ykman-gui) for Windows is affected by CVE-2024-31498 when running versions prior to 1.2.6. The issue enables privilege escalation because browser windows can be opened as Administrator if Edge is not used, allowing a local attacker to escalate privileges via the GUI. A...

PT-2024-24121 · Yubico +1 · Yubico Ykman-Gui +2

Name of the Vulnerable Software and Affected Versions: Yubico ykman-gui aka YubiKey Manager GUI versions prior to 1.2.6 Description: A privilege escalation issue exists because browser windows can open as Administrator when Edge is not used on Windows systems. This could allow for unexpected...

Yubico YubiKey 安全漏洞

Yubico YubiKey is a hardware authentication device from the Swedish company Yubico. A security vulnerability exists in the Yubico YubiKey Manager GUI version prior to 1.2.6, which stems from the presence of an elevation of privilege vulnerability...

Security Advisory YSA-2024-03 | Yubico

A vulnerability was discovered in Infineon’s cryptographic library, which is utilized in YubiKey 5 Series, and Security Key Series with firmware prior to 5.7.0 and YubiHSM 2 with firmware prior to 2.4.0. The severity of the issue in Yubico devices is moderate. An attacker could exploit this issue...

PINs for Cryptography with Hardware Secure Elements

I’m a big fan of technologies that enable otherwise impossible security properties and user experiences, like cryptography often can. One such technology is hardware secure elements. Here’s a thing you can’t do with cryptography: encrypt data securely with a low-entropy secret, like a PIN. If a...

Security Advisory YSA-2024-02 | Yubico

To address a low severity privacy issue, Yubico has released updated firmware for YubiKey 5 Series, Security Key Series, and YubiKey Bio Series. The YubiKey CSPN Series and YubiKey 5 FIPS series are also affected. The YubiKey 5 FIPS series will receive this privacy update in the next release of...

Security Advisory YSA-2024-01 | Yubico

A security issue has been identified in YubiKey Manager GUI which could lead to unexpected privilege escalation on Windows. If a user runs the YubiKey Manager GUI as Administrator, browser windows opened by YubiKey Manager GUI may be opened as Administrator which could be exploited by a local...

YubiKey authentication is working on published desktop but not published app

YubiKey does not work from a published app browser e.g., Microsoft Edge, but it works on the same browser inside a published desktop. The published app and desktop are both hosted on the same server...

[SECURITY] Fedora 37 Update: rust-yubibomb-0.2.12-1.fc37

Don't you love when you accidentally tap your Yubikey when you have your IRC client in focus and you send 987947 into Libera? Want to be able to have that experience without having to reach all the way over to your laptop's USB port? Now you can!...