Yubico Issues Security Advisory As 2FA Bypass Vulnerability Confirmed
Yubico has confirmed a partial 2FA bypass issue could impact some YubiKey customers—here’s what you need to know.
Update, Jan. 18, 2025: This story, originally published Jan. 17, now includes further information about CVE-2025-23013 and clarification from Yubico regarding the severity rating.

And for good reason: it has been leading the market in the area of hardware key resources for about as long as I can remember, and I’ve been in the cybersecurity business for multiple decades.

With a centrally managed authfile, where a file cannot be modified without elevated privileges, and assuming pam-u2f is used as a second-factor authentication method in combination with a user password, Yubico said, an attacker could “attempt to memory-starve the system by allocating large amounts of memory, and triggering a memory allocation error within pam-u2f.” If successful, the second factor would not be verified anymore during an authentication event.
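
The failure mode Yubico describes, a second-factor check that stops being enforced when a memory allocation fails, is modelled in the C example below beside a fail-closed version. This is an added illustration, not pam-u2f's code and not part of the original article; the result codes, the `simulate_oom` hook and the two-check stack are simplified assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for PAM result codes (assumed model, not pam-u2f code). */
enum result { R_SUCCESS, R_AUTH_ERR, R_IGNORE };

/* Hypothetical hook: when set, allocation fails as it would under memory starvation. */
static int simulate_oom = 0;
static void *guarded_alloc(size_t n) { return simulate_oom ? NULL : malloc(n); }

/* Fails open: an internal allocation error is reported as "no opinion". */
enum result second_factor_fail_open(int key_valid) {
    char *buf = guarded_alloc(64);
    if (buf == NULL) return R_IGNORE;
    free(buf);
    return key_valid ? R_SUCCESS : R_AUTH_ERR;
}

/* Fails closed: any internal error denies authentication. */
enum result second_factor_fail_closed(int key_valid) {
    char *buf = guarded_alloc(64);
    if (buf == NULL) return R_AUTH_ERR;
    free(buf);
    return key_valid ? R_SUCCESS : R_AUTH_ERR;
}

/* Two required checks: IGNORE is skipped, AUTH_ERR denies, one SUCCESS is needed. */
enum result run_stack(enum result password, enum result second) {
    enum result r[2] = { password, second };
    int ok = 0;
    for (int i = 0; i < 2; i++) {
        if (r[i] == R_AUTH_ERR) return R_AUTH_ERR;
        if (r[i] == R_SUCCESS) ok = 1;
    }
    return ok ? R_SUCCESS : R_AUTH_ERR;
}

/* Correct password, but no valid key presented (key_valid = 0). */
enum result login(int oom, int hardened) {
    simulate_oom = oom;
    enum result second = hardened ? second_factor_fail_closed(0)
                                  : second_factor_fail_open(0);
    return run_stack(R_SUCCESS, second);
}

int main(void) {
    printf("fail-open,   memory exhausted: %s\n", login(1, 0) == R_SUCCESS ? "ALLOWED" : "denied");
    printf("fail-closed, memory exhausted: %s\n", login(1, 1) == R_SUCCESS ? "ALLOWED" : "denied");
    return 0;
}
```

In this model only the fail-open variant lets the password alone carry the login when memory is exhausted; the fail-closed variant denies it in every case where no valid key is presented.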