CVE-2024-45678

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:yubico:yubikey_5c_nfc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nfc:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:yubico:yubikey_5_nfc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5_nfc:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:yubico:yubikey_5c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:yubico:yubikey_5_nano_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5_nano:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:yubico:yubikey_5c_nano_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nano:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:yubico:yubikey_5ci_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5ci:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:yubico:yubikey_5_nfc_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5_nfc_fips:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:yubico:yubikey_5c_nfc_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nfc_fips:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:yubico:yubikey_5c_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_fips:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:yubico:yubikey_5_nano_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5_nano_fips:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:yubico:yubikey_5c_nano_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nano_fips:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:yubico:yubikey_5ci_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5ci_fips:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:yubico:yubikey_c_bio_firmware:*:*:*:*:fido:*:*:*
cpe:2.3:h:yubico:yubikey_c_bio:-:*:*:*:fido:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:yubico:yubikey_bio_firmware:*:*:*:*:fido:*:*:*
cpe:2.3:h:yubico:yubikey_bio:-:*:*:*:fido:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:yubico:security_key_nfc_by_yubico_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:security_key_nfc_by_yubico:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:yubico:security_key_c_nfc_by_yubico_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:security_key_c_nfc_by_yubico:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:yubico:yubihsm_2_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubihsm_2_fips:2.2:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:yubico:yubihsm_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubihsm_2:2.3.2:*:*:*:*:*:*:*

History

12 Sep 2024, 20:07

Type Values Removed Values Added
References () https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/ - () https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/ - Press/Media Coverage
References () https://news.ycombinator.com/item?id=41434500 - () https://news.ycombinator.com/item?id=41434500 - Issue Tracking
References () https://ninjalab.io/eucleak/ - () https://ninjalab.io/eucleak/ - Third Party Advisory
References () https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf - () https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf - Technical Description
References () https://support.yubico.com/hc/en-us/articles/15705749884444 - () https://support.yubico.com/hc/en-us/articles/15705749884444 - Mitigation, Third Party Advisory
References () https://www.yubico.com/support/security-advisories/ysa-2024-03/ - () https://www.yubico.com/support/security-advisories/ysa-2024-03/ - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.2
CWE CWE-203
CPE cpe:2.3:h:yubico:yubikey_5c:-:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubihsm_2_fips:2.2:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_c_bio:-:*:*:*:fido:*:*:*
cpe:2.3:h:yubico:security_key_c_nfc_by_yubico:-:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5_nfc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5_nano_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5ci_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5ci_fips:-:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5_nfc:-:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nano_fips:-:*:*:*:*:*:*:*
cpe:2.3:h:yubico:security_key_nfc_by_yubico:-:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5ci:-:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5ci_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5c_nfc_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubihsm_2:2.3.2:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nano:-:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5_nfc_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nfc_fips:-:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5_nano_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5_nfc_fips:-:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubihsm_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5_nano:-:*:*:*:*:*:*:*
cpe:2.3:o:yubico:security_key_c_nfc_by_yubico_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nfc:-:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5c_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_bio:-:*:*:*:fido:*:*:*
cpe:2.3:h:yubico:yubikey_5_nano_fips:-:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5c_nfc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_c_bio_firmware:*:*:*:*:fido:*:*:*
cpe:2.3:o:yubico:yubikey_5c_nano_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:security_key_nfc_by_yubico_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_bio_firmware:*:*:*:*:fido:*:*:*
cpe:2.3:o:yubico:yubihsm_2_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5c_nano_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_fips:-:*:*:*:*:*:*:*
First Time Yubico yubikey 5c Nfc Firmware
Yubico security Key C Nfc By Yubico
Yubico yubikey 5c Nfc Fips
Yubico security Key Nfc By Yubico Firmware
Yubico yubikey C Bio Firmware
Yubico yubikey 5 Nfc Firmware
Yubico yubikey 5 Nano Fips
Yubico yubikey 5 Nano
Yubico yubikey 5c Nano Fips
Yubico yubihsm 2 Fips Firmware
Yubico yubikey Bio
Yubico yubikey 5c Fips Firmware
Yubico yubikey C Bio
Yubico yubikey 5c Nano
Yubico yubikey Bio Firmware
Yubico yubikey 5c
Yubico yubikey 5ci Fips
Yubico yubikey 5c Nfc
Yubico yubikey 5c Fips
Yubico security Key C Nfc By Yubico Firmware
Yubico yubikey 5 Nfc Fips
Yubico yubikey 5c Nfc Fips Firmware
Yubico yubihsm 2 Fips
Yubico yubikey 5c Firmware
Yubico security Key Nfc By Yubico
Yubico yubikey 5ci
Yubico yubikey 5 Nano Firmware
Yubico yubikey 5 Nfc
Yubico yubihsm 2 Firmware
Yubico yubikey 5c Nano Firmware
Yubico yubihsm 2
Yubico
Yubico yubikey 5c Nano Fips Firmware
Yubico yubikey 5ci Firmware
Yubico yubikey 5 Nfc Fips Firmware
Yubico yubikey 5 Nano Fips Firmware
Yubico yubikey 5ci Fips Firmware

04 Sep 2024, 13:05

Type Values Removed Values Added
Summary
  • (es) Los dispositivos Yubico YubiKey 5 Series con firmware anterior a la versión 5.7.0 y los dispositivos YubiHSM 2 con firmware anterior a la versión 2.4.0 permiten un ataque de extracción de clave secreta ECDSA (que requiere acceso físico y equipo costoso) en el que está presente un canal lateral electromagnético debido a una inversión modular de tiempo no constante para el algoritmo euclidiano extendido, también conocido como el problema EUCLEAK. También pueden verse afectados otros usos de una librería criptográfica de Infineon.

03 Sep 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-03 20:15

Updated : 2024-09-12 20:07


NVD link : CVE-2024-45678

Mitre link : CVE-2024-45678

CVE.ORG link : CVE-2024-45678


JSON object : View

Products Affected

yubico

  • yubikey_5ci_fips
  • yubikey_5c_nano_fips
  • security_key_c_nfc_by_yubico
  • yubikey_c_bio
  • yubikey_5c_nano
  • yubikey_5ci
  • yubikey_c_bio_firmware
  • yubikey_5ci_fips_firmware
  • yubihsm_2
  • yubikey_5_nano
  • yubikey_5_nfc_firmware
  • yubikey_5c
  • yubikey_5_nano_fips
  • yubikey_5c_nfc
  • yubikey_5c_nfc_fips_firmware
  • security_key_nfc_by_yubico
  • yubikey_5ci_firmware
  • yubikey_5c_nano_firmware
  • yubikey_5_nano_firmware
  • security_key_nfc_by_yubico_firmware
  • yubikey_5_nfc_fips
  • yubikey_bio
  • yubikey_5_nfc_fips_firmware
  • security_key_c_nfc_by_yubico_firmware
  • yubihsm_2_firmware
  • yubikey_5c_firmware
  • yubikey_5c_nfc_fips
  • yubikey_5c_fips_firmware
  • yubihsm_2_fips
  • yubikey_bio_firmware
  • yubikey_5c_nano_fips_firmware
  • yubikey_5c_fips
  • yubikey_5_nfc
  • yubikey_5c_nfc_firmware
  • yubikey_5_nano_fips_firmware
  • yubihsm_2_fips_firmware
CWE
CWE-203

Observable Discrepancy