Skip to main content

Yubikey One Time Password Validation Server

2 CVEs product

Monthly

CVE-2020-10185 HIGH POC This Week

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yubikey One Time Password Validation Server
NVD GitHub
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-10184 HIGH POC This Week

The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Yubikey One Time Password Validation Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
EPSS 1% CVSS 8.6
HIGH POC This Week

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yubikey One Time Password Validation Server
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Yubikey One Time Password Validation Server
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy