6 matches found
EUVD-2025-9570
Malicious code in bioql PyPI...
CVE-2025-29991
Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification...
Yubico YubiKey 安全漏洞
Yubico YubiKey is a hardware authentication device from the Swedish company Yubico. A security vulnerability exists in Yubico YubiKey versions 5.4.1 through 5.7.3, which stems from an incorrect implementation of the FIDO CTAP PIN/UV Auth Protocol Two, which could lead to partial signature...
YSA-2025-02 | Yubico
A low severity issue has been identified in YubiKeys versions 5.4.1 through 5.7.3 in the FIDO CTAP PIN/UV Auth Protocol Two implementation. These YubiKey versions use the 16 byte signature length from CTAP PIN/UV Auth Protocol One during the verification step, even when the 32 byte CTAP PIN/UV Au...
Google, Apple, and Microsoft step hand in hand into a passwordless future
While we recently "celebrated" World Password Day, almost every security outlet keeps telling us that passwords alone are not enough. In practice, in the last few years this has meant pairing passwords with something else, such as a one-time code from an app or an SMS message, in a scheme called...
Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins
Great news. If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified. Are you thinking… what the heck that actually means? It means,...