Vulnerabilities (CVE)

Filtered by vendor Yubico Subscribe
Filtered by product Yubikey One Time Password Validation Server
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-10185 1 Yubico 1 Yubikey One Time Password Validation Server 2024-11-21 6.8 MEDIUM 8.6 HIGH
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud.
CVE-2020-10184 1 Yubico 1 Yubikey One Time Password Validation Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud.