CVE-2022-24584

CVE-2022-24584

Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by "writing" it on a token using the Yubico Personalization Tool, they can then upload the new configuration to Yubicos OTP validation servers.

Source: CVE-2022-24584

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다