Yubico

Yubico, renowned for its YubiKey 5 series hardware tokens used for two-factor authentication, faced a significant issue with a cryptographic flaw allowing cloning of the devices. This vulnerability was identified as a side channel in the Infineon microcontroller used across several authentication products. Because updating the YubiKey firmware isn't feasible, all keys with firmware versions older than 5.7 remain permanently at risk. The exploitation of this flaw requires physical access and sophisticated technical knowledge. Although the implications are concerning, there has been no reported misuse of this flaw thus far.

Source: https://www.wired.com/story/yubikey-vulnerability-cloning/

"id": "yub004090624",
"linkid": "yubico",
"type": "Vulnerability",
"date": "9/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"