311 matches found
Authentication Bypass
Yubico java-webauthn-server is vulnerable to Authentication Bypass. The vulnerability is due to incorrect validation of a function's return value during the second-factor authentication flow, allowing attackers to bypass the intended authentication checks and impersonate legitimate users...
CVE-2026-40947
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
CVE-2026-46419
Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...
Incorrect Check of Function Return Value
Overview Affected versions of this package are vulnerable to Incorrect Check of Function Return Value in the "second factor" flow where FinishAssertionSteps fails to cross-check the verified credential handle against the requested username when a userHandle is not found for that username during t...
CVE-2026-46419
Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...
CVE-2026-46419
Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...
CVE-2026-46419
Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 is affected by a vulnerability in the second factor flow where a function’s return value was not checked, enabling impersonation. The issue is fixed in version 2.8.2 (released with a security advisory from Yubico). Affected product/vers...
CVE-2026-46419
Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...
EUVD-2026-30211
Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...
CVE-2026-46419
Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...
PT-2026-40845
Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...
SUSE CVE-2026-40947
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
EUVD-2026-23135
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
CVE-2026-40947
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
YSA-2026-02 | Yubico
A security update is available for the Yubico open-source software project webauthn-server-core to resolve a user impersonation vulnerability. No Yubico hardware is affected. In specific implementations, an attacker that has an existing account with a relying party RP can authenticate as a target...
ROS-20251014-02
A vulnerability in the pamsmauthenticate function of the Yubico pam-u2f PAM module is related to the return of an invalid status code state. Exploitation of the vulnerability could allow an attacker to escalate privileges...
Yubico YubiHSM Shell Installed (Linux)
Binary data yubicoyubihsmshellnixinstalled.nbin...
EUVD-2021-13982
Malware in sbrugna...
EUVD-2018-6664
Malware in sbrugna...
EUVD-2019-18949
Malware in sbrugna...