28 matches found
CVE-2020-12061
An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attack...
EUVD-2020-4377
Malware in sbrugna...
EUVD-2020-19727
Malware in sbrugna...
EUVD-2025-4087
Malicious code in bioql PyPI...
CVE-2025-25201
Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...
CVE-2025-25201
Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...
CVE-2025-25201 Improper Validation of Admin Key in PIV Smartcard
Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...
CVE-2025-25201 Improper Validation of Admin Key in PIV Smartcard
Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...
CVE-2025-25201 Improper Validation of Admin Key in PIV Smartcard
Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...
CVE-2025-25201
CVE-2025-25201 concerns Nitrokey 3 Firmware. The PIV application could accept invalid keys for authentication of the admin key in releases up to 1.8.0 (and certain pre-1.8.0 test builds), allowing an attacker without the proper admin key to generate new keys and overwrite certificates, compromisi...
PT-2025-7057 · Nitrokey · Nitrokey 3 Firmware
Name of the Vulnerable Software and Affected Versions: Nitrokey 3 Firmware versions 1.8.0 and prior test releases with PIV enabled Description: The PIV application in the Nitrokey 3 Firmware could accept invalid keys for authentication of the admin key, potentially compromising the integrity of t...
Nitrokey 3 Firmware 授权问题漏洞
Nitrokey 3 Firmware is a Nitrokey 3 firmware from Nitrokey Open Source. Nitrokey 3 Firmware suffers from an authorization issue vulnerability that stems from the fact that a PIV application can accept an invalid key to validate an administrative key. This could result in the integrity of data...
SUSE CVE-2020-27208
The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...
openSUSE 15 Security Update : solo (openSUSE-SU-2021:1019-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1019-1 advisory. - The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey...
Unspecified Vulnerability in Nitrokey FIDO U2F
Nitrokey FIDO2 is an open source security key that supports FIDO2 and U2F standards for strong two-factor authentication and passwordless login. A security vulnerability exists in Nitrokey FIDO U2F firmware version 1.1 and prior versions, which stems from the fact that communications between the...
CVE-2020-12061
An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attack...
CVE-2020-12061
An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attack...
CVE-2020-27208
The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...
CVE-2020-27208
The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...
Design/Logic Flaw
The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...