this post was submitted on 04 Sep 2024
5 points (100.0% liked)

(safe) Unsecure security

163 readers
2 users here now

(un) Security - Who will guard the guards?

founded 2 years ago
MODERATORS
[email protected]
[email protected]
5
Security Advisory YSA-2024-03 (www.yubico.com)
submitted 2 months ago by [email protected] to c/[email protected]
0 comments fedilink hide all child comments
 

A vulnerability was discovered in Infineon’s cryptographic library, which is utilized in YubiKey 5 Series, and Security Key Series with firmware prior to 5.7.0 and YubiHSM 2 with firmware prior to 2.4.0. The severity of the issue in Yubico devices is moderate.

An attacker could exploit this issue as part of a sophisticated and targeted attack to recover affected private keys. The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they want to target, and specialized equipment to perform the necessary attack. Depending on the use case, the attacker may also require additional knowledge including username, PIN, account password, or authentication key.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here