Authentication Flaw in Yubico Ykneo-OpenPGP Product
CVE-2015-3298

8.8HIGH

Key Information:

Vendor: Yubico
Status: Ykneo-openpgp
Vendor: CVE Published:; 30 March 2022

What is CVE-2015-3298?

The Yubico Ykneo-OpenPGP product prior to version 1.0.10 contains a vulnerability that allows an attacker to bypass the PIN validation process. During the initial power-up, the device erroneously generates a signature without verifying the provided PIN, enabling unauthorized access to sensitive operations.

References

https://developers.yubico.com/ykneo-openpgp/SecurityAdvis...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2022
Vulnerability Reserved
Apr 13, 2015