← volver
CVE-2020-10185

CVE-2020-10185

EPSS 1.5%
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/Yubico/yubikey-val/releases/tag/yubikey-val-2.40https://lists.debian.org/debian-lts-announce/2020/03/msg00014.htmlhttps://www.yubico.com/support/security-advisories/ysa-2020-01/