11 matches found
EUVD-2020-2646
Malware in sbrugna...
EUVD-2020-2647
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-10185
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside...
Yubico YubiKey Validation Server SQL Injection Vulnerability (CNVD-2020-16073)
Yubico YubiKey Validation Server is an authentication server from the Swedish company Yubico. A SQL injection vulnerability exists in YubiKey Validation Server versions prior to 2.40. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...
Unspecified Vulnerability in Yubico YubiKey Validation Server
Yubico YubiKey Validation Server is an authentication server from the Swedish company Yubico. A security vulnerability exists in the sync endpoint in YubiKey Validation Server versions prior to 2.40. A remote attacker could exploit the vulnerability to conduct replay attacks using previously used...
CVE-2020-10185
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...
CVE-2020-10184
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service...
Default configuration
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...
UBUNTU-CVE-2020-10185
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...
CVE-2020-10184
CVE-2020-10184 affects YubiKey Validation Server’s verify endpoint (pre-2.40), allowing remote SQL injection to cause DoS on self-hosted OTP validation services (not YubiCloud). Remediation per sources: upgrade to 2.40+; the Debian advisory notes the issue as fixed in 2.27-1+deb8u1 for Jessie.
CVE-2020-10185
Removed by vendor...