CWE
203
Advisory Published
Updated

CVE-2024-45678

First published: Tue Sep 03 2024(Updated: )

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
All of
Yubico Yubikey 5c Nfc Firmware<5.7
Yubico Yubikey 5c Nfc
All of
Yubico Yubikey 5 Nfc Firmware<5.7
Yubico YubiKey 5 NFC
All of
Yubico Yubikey 5c Firmware<5.7
Yubico Yubikey 5c
All of
Yubico Yubikey 5 Nano Firmware<5.7
Yubico Yubikey 5 Nano
All of
Yubico Yubikey 5c Nano Firmware<5.7
Yubico Yubikey 5c Nano
All of
Yubico Yubikey 5ci Firmware<5.7
Yubico Yubikey 5ci
All of
Yubico Yubikey 5 Nfc Fips Firmware<5.7
Yubico Yubikey 5 Nfc Fips
All of
Yubico Yubikey 5c Nfc Fips Firmware<5.7
Yubico Yubikey 5c Nfc Fips
All of
Yubico Yubikey 5c Fips Firmware<5.7
Yubico Yubikey 5c Fips
All of
Yubico Yubikey 5 Nano Fips Firmware<5.7
Yubico Yubikey 5 Nano Fips
All of
Yubico Yubikey 5c Nano Fips Firmware<5.7
Yubico Yubikey 5c Nano Fips
All of
Yubico Yubikey 5ci Fips Firmware<5.7
Yubico Yubikey 5ci Fips
All of
Yubico Yubikey C Bio Firmware<5.7.2
Yubico Yubikey C Bio
All of
Yubico Yubikey Bio Firmware<5.7.2
Yubico Yubikey Bio
All of
Yubico Security Key Nfc By Yubico Firmware<5.7
Yubico Security Key Nfc By Yubico
All of
Yubico Security Key C Nfc By Yubico Firmware<5.7
Yubico Security Key C Nfc By Yubico
All of
Yubico Yubihsm 2 Fips Firmware<2.4.0
Yubico Yubihsm 2 Fips=2.2
All of
Yubico Yubihsm 2 Firmware<2.4.0
Yubico Yubihsm 2=2.3.2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203