← Back

Yubikey One Time Password Validation Server

yubikey_one_time_password_validation_server

Vendor: Yubico • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-10185
1Yubico
1Yubikey One Time Password Validation Server
Nov 21, 2024
Mar 5, 2020
N/A· v4
8.6 HIGH· v3
6.8 MEDIUM· v2
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service wit...Show more
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud.Show less
CVE-2020-10184
1Yubico
1Yubikey One Time Password Validation Server
Nov 21, 2024
Mar 5, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially releva...Show more
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud.Show less