38 matches found
Yubico YubiKey Validation Server SQL Injection Vulnerability (CNVD-2020-16073)
Yubico YubiKey Validation Server is an authentication server from the Swedish company Yubico. A SQL injection vulnerability exists in YubiKey Validation Server versions prior to 2.40. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...
Unspecified Vulnerability in Yubico YubiKey Validation Server
Yubico YubiKey Validation Server is an authentication server from the Swedish company Yubico. A security vulnerability exists in the sync endpoint in YubiKey Validation Server versions prior to 2.40. A remote attacker could exploit the vulnerability to conduct replay attacks using previously used...
CVE-2020-10184
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service...
CVE-2020-10185
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...
CVE-2020-10184
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service...
CVE-2020-10185
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...
UBUNTU-CVE-2020-10185
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...
Sql injection
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service...
CVE-2020-10184
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service...
Default configuration
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...
CVE-2020-10185
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...
UBUNTU-CVE-2020-10184
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service...
CVE-2020-10184
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service...
CVE-2020-10184
CVE-2020-10184 affects YubiKey Validation Server’s verify endpoint (pre-2.40), allowing remote SQL injection to cause DoS on self-hosted OTP validation services (not YubiCloud). Remediation per sources: upgrade to 2.40+; Debian advisory notes fixed in 2.27-1+deb8u1 for Jessie.
CVE-2020-10184
Removed by vendor...
CVE-2020-10185
CVE-2020-10185 affects the YubiKey Validation Server (YubiVal) prior to version 2.40. The vulnerability resides in the sync endpoint, which can be abused by remote attackers to replay previously used one-time passwords. This issue does not affect YubiCloud. The Debian/OSS advisories note fixes im...
CVE-2020-10185
Removed by vendor...
Debian DLA-345-1 : strongswan security update
Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without...