Yubico

Yubico

Yubico, renowned for its YubiKey 5 series hardware tokens used for two-factor authentication, faced a significant issue with a cryptographic flaw allowing cloning of the devices. This vulnerability was identified as a side channel in the Infineon microcontroller used across several authentication products. Because updating the YubiKey firmware isn't feasible, all keys with firmware versions older than 5.7 remain permanently at risk. The exploitation of this flaw requires physical access and sophisticated technical knowledge. Although the implications are concerning, there has been no reported misuse of this flaw thus far.

Source: https://www.wired.com/story/yubikey-vulnerability-cloning/

"id": "yub004090624",
"linkid": "yubico",
"type": "Vulnerability",
"date": "9/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.