11 matches found
Welcome to the party, pal!
Welcome to the final Threat Source newsletter of 2024. Watching "Die Hard" during the Christmas season has become a widely recognized tradition for many, despite ongoing debates about its classification as a Christmas movie. I know it isn't everyone's cup of tea. Whether you like the movie or not...
CVE-2022-24584
Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by "writing" it on a token using the Yubico...
Design/Logic Flaw
DISPUTED Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by "writing" it on a token using the...
CVE-2022-24584
CVE-2022-24584 concerns incorrect access control in Yubico OTP on YubiKey hardware tokens and the Yubico OTP validation server. The issue is that a user can reprogram the OTP functionality via the Yubico Personalization Tool and then upload the new configuration to Yubico’s OTP validation servers...
PT-2022-16736 · Yubico · Yubikey
Name of the Vulnerable Software and Affected Versions: YubiKey affected versions not specified Description: The issue concerns incorrect access control in the Yubico OTP functionality of the YubiKey hardware tokens and the Yubico OTP validation server. The Yubico OTP is supposed to create...
Hardware-grade enterprise authentication without hardware: new SIM security solution for IAM
The average cost of a data breach, according to the latest research by IBM, now stands at USD 4.24 million, the highest reported. The leading cause? Compromised credentials, often caused by human error. Although these findings continue to show an upward trend in the wrong direction, the challenge...
New API Lets App Developers Authenticate Users via SIM Cards
Online account creation poses a challenge for engineers and system architects: if you put up too many barriers, you risk turning away genuine users. Make it too easy, and you risk fraud or fake accounts. The Problem with Identity Verification The traditional model of online identity –...
Smartphones are not the problem with MFA security
We've recently seen big attacks play out on prominent technology companies despite their use of smartphone-based multi-factor authentication. These attacks are real, they do happen, and it appears that even the smartphone cannot protect us anymore. While this conclusion may be tempting, it actual...
Threatpost Survey Says: 2FA is Just Fine, But Go Ahead and Kill SMS
The author of a recently released penetration testing tool called Modlishka, which can bypass mainstream two-factor authentication 2FA, asked a provocative question in a recently published research note: “Is 2FA broken?” Since this isn’t the first example of how 2FA can be defeated, we asked...
The Series 5 YubiKey Will Help Kill the Password
The latest batch of hardware-based tokens from Yubico will eventually let you skip the password altogether...
Google Joins FIDO Alliance Effort to Move Beyond Passwords
Google, which gradually has been moving its users away from using passwords as their main form of authentication for Web services, has joined a young organization whose goal is to phase out passwords and replace them with various forms of strong authentication. The FIDO Alliance, formed last year...