First published: Tue Mar 29 2022(Updated: )
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Yubico ykneo-openpgp | <1.0.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for Yubico ykneo-openpgp is CVE-2015-3298.
The severity of CVE-2015-3298 is high with a severity value of 8.8.
CVE-2015-3298 affects Yubico ykneo-openpgp version up to exclusive version 1.0.10.
Yubico ykneo-openpgp has a typo in which an invalid PIN can be used, allowing a signature to be issued without validating the PIN.
To fix CVE-2015-3298 for Yubico ykneo-openpgp, update to version 1.0.10 or higher.