Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by “writing” it on a token using the Yubico Personalization Tool, they can then upload the new configuration to Yubicos OTP validation servers.
Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!
More Stories
CVE-2022-1436
CVE-2022-1455
CVE-2022-1465