Yubico ykneo-openpgp is an open source security product from the Swedish company Yubico. It implements the OpenPGP card functionality used on YubiKey NEO devices sold by Yubico. A data forgery issue vulnerability exists in versions prior to Yubico ykneo-openpgp 1.0.10. The vulnerability stems from a spelling error in versions prior to Yubico ykneo-openpgp 1.0.10 that can be used with an invalid PIN. a signature is issued on first power-up, even if the PIN has not been verified. An attacker could use this vulnerability to obtain sensitive information.
CPE | Name | Operator | Version |
---|---|---|---|
yubico ykneo-openpgp | lt | 1.0.10 |