CVE-2020-10184

CVE-2020-10184

The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud.

Source: CVE-2020-10184

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다