Description
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud.
References
- Release Notes, Third Party Advisory
- Exploit, Vendor Advisory
Vulnerable configurations
EPSS
CVSS3: 8.6 High
CVSS2: 6.8 Medium
Defects
Related vulnerabilities