MAL-2025-192924 Malicious code in u2f_client (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

USN-7806-1 pam-u2f vulnerability

It was discovered that PAM/U2F could allow for authentication bypass in some configurations. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service...

USN-7806-1: PAM/U2F vulnerability

It was discovered that PAM/U2F could allow for authentication bypass in some configurations. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service...

EUVD-2025-27406

Malicious code in bioql PyPI...

Proxmox Virtual Environment 安全漏洞

Proxmox Virtual Environment Proxmox VE is an open source server virtualization environment Linux distribution from Proxmox. A security vulnerability exists in Proxmox Virtual Environment version 8.4, which stems from a U2F Origin field stored cross-site scripting vulnerability that could lead to...

Yubico pam-u2f 安全漏洞

Yubico pam-u2f is a pluggable authentication module for U2F and FIDO2 from Yubico. A security vulnerability exists in Yubico pam-u2f versions prior to 1.3.1 that stems from allowing authentication to be bypassed in certain configurations, where local elevation of privilege may occur...

de.fac2 安全漏洞

de.fac2 is a Javacard applet that implements the Fido U2F token from Bundesamt für Sicherheit in der Informationstechnik in Germany. A security vulnerability exists in de.fac2 version 1.34, which originates from bypassing user protection mechanisms in the presence of malware on the victim's...

New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys

Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication 2FA device can clone it...

Fido U2f Security Breach

Fido U2f is an authentication protocol from the Fido organization based on standard public key cryptography techniques primarily used for smart card authentication. A security vulnerability exists in Fido U2f that could allow an attacker to extract the ECDSA private key after extensive physical...

CVE-2019-18672

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...

PT-2019-15571 · Shapeshift · Keepkey

Name of the Vulnerable Software and Affected Versions: ShapeShift KeepKey hardware wallet versions prior to 6.2.2 Description: The issue is related to insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet. This allows a partial reset of cryptographic secrets to...

Google 'Titan Security Key' Is Now On Sale For $50

Google just made its Titan Security Key available on its store for $50. First announced last month at Google Cloud Next '18 convention, Titan Security Key is a tiny USB device—similar to Yubico's YubiKey—that offers hardware-based two-factor authentication 2FA for online accounts with the highest...

Titan Security Keys – Google launches its own USB-based FIDO U2F Keys

At Google Cloud Next '18 convention in San Francisco, the company has introduced Titan Security Keys —a tiny USB device, similar to Yubico's YubiKey, that offers hardware-based two-factor authentication for your online accounts with the highest level of protection against phishing attacks. These...