Filtered by vendor Yubico
Subscribe
Filtered by product Yubikey One Time Password Validation Server
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-10184 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud. | |||||
CVE-2020-10185 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2024-02-28 | 6.8 MEDIUM | 8.6 HIGH |
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud. |