Yubico Yubikey One Time Password Validation Server
By the Year
In 2024 there have been 0 vulnerabilities in Yubico Yubikey One Time Password Validation Server . Yubikey One Time Password Validation Server did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 8.05 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Yubikey One Time Password Validation Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Yubico Yubikey One Time Password Validation Server Security Vulnerabilities
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which
CVE-2020-10184
7.5 - High
- March 05, 2020
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud.
SQL Injection
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP
CVE-2020-10185
8.6 - High
- March 05, 2020
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud.
Authentication Bypass by Capture-replay
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Yubico Yubikey One Time Password Validation Server or by Yubico? Click the Watch button to subscribe.
