EUVD-2021-18797

Malware in sbrugna...

FIDO2 Authentication Does Not Work With Webpages Opened Using Microsoft Edge

Users are not able to Authenticate to a website that requires FIDO2 Authentication using a Yubikey when using Edge on VDA Devices. The users are constantly prompted to select a Smartcard device. The same users are able to Authenticate onto the same website using Chrome or Firefox inside the same...

Microsoft Edge browser closes unexpectedly inside Published Desktop when using FIDO2 Authentication

FIDO2 Redirection is enabled to authenticate web application inside Published Desktop. MSedge browser closes unexpectedly at the web application authentication page, no error message on the desktop nor in the Windows event log. This issue only occurs with MSedge. No issue with Chrome or Firefox...

GLSA-202208-11 : Yubico pam-u2f: Local PIN Bypass vulnerability

The remote host is affected by the vulnerability described in GLSA-202208-11 Yubico pam-u2f: Local PIN Bypass vulnerability - Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not...

CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

DEBIAN-CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

UBUNTU-CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

CVE-2021-31924

Affected software: Yubico pam-u2f (PAM module for FIDO2/U2F) prior to version 1.1.1. Root cause: A logic issue in pam-u2f could bypass a PIN requirement when configured to require PIN and the application allows NULL as the PIN; pam-u2f then proceeds with FIDO2 authentication without PIN. This byp...

Security Advisory YSA-2021-03 | Yubico

A security update for pam-u2f resolves a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to...