[Bug 1812224] CVE-2020-10185 yubikey-val: allows remote attackers to replay an OTP

Author:



The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud.



Source link

Write a comment:
*

Your email address will not be published.

RELATED STORIES
Category Product Vulnerabilities

360CERT – 每日安全简报 (2020-07-11)

July 11, 2020
We are greeting further cooperation with all parts of security services. If you are interested...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

Fedora 31: squid 2020-cbebc5617e>

July 11, 2020
Security fix ——————————————————————————– Fedora Update Notification FEDORA-2020-cbebc5617e 2020-07-11 01:03:04.330810 ——————————————————————————– Name : squid Product :...
Read More
Category Product Vulnerabilities

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.8 ESR) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.1.0

July 11, 2020
Jul 10, 2020 8:01 pm EDT Categorized: High Severity Share this post: Synthetic...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

Opinion | I Have Cancer. Now My Facebook Feed Is Full of ‘Alternative Care’ Ads.

July 11, 2020
Last week, I posted about my breast cancer diagnosis on Facebook. Since then, my Facebook...
Read More
Category Product Vulnerabilities

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM StoredIQ InstaScan

July 11, 2020
Jul 10, 2020 8:00 pm EDT Categorized: High Severity Share this post: There...
Read More
Category Product Vulnerabilities

Security Bulletin: Vulnerability identified in Apache ActiveMQ used in Cloud Pak System (CVE-2020-1941)

July 11, 2020
Jul 10, 2020 8:00 pm EDT Categorized: Medium Severity Share this post: Cross...
Read More
Category Product Vulnerabilities

Security Bulletin: IBM StoredIQ is affected by a vulnerability in NGINX (CVE-2019-20372)

July 11, 2020
Jul 10, 2020 8:00 pm EDT Categorized: Medium Severity Share this post: IBM...
Read More
Category Product Vulnerabilities

Security Bulletin: IBM Maximo Asset Management is vulnerable to Security/Authentication Bypass (CVE-2019-4591)

July 11, 2020
Jul 10, 2020 8:00 pm EDT Categorized: Medium Severity Share this post: IBM...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

CVE-2020-11081 – Alert Detail – Security Database

July 11, 2020
Executive Summary Informations Name CVE-2020-11081 First vendor Publication 2020-07-10 Vendor Cve Last vendor Modification 2020-07-10...
Read More
Category Product Vulnerabilities

Vulnerability CVE-2020-15505

July 10, 2020
Published: 2020-07-07 Description: A remote code execution vulnerability in MobileIron Core and Connector versions 10.6...
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact