An unpatchable Yubico two-factor authentication key vulnerability has broken the security of most Yubikey 5, Security Key, and YubiHSM 2FA devices. The Feitian A22 JavaCard and other devices using Infineon SLB96xx series TPMs are also vulnerable. All vulnerable 2FA keys should be assumed compromised and replaced with non-vulnerable ones as soon as possible.
#security
Fred Brooker /
npub10w…eac94
2024-09-06 00:41:39
Author Public Key
npub10wee5s0j65nwmef6ftv3g8dyp0g00yfnzme3ltzhjml7e5yzuaeq4eac94Published at
2024-09-06 00:41:39Event JSON
{
"id": "cca121db27e22c87d980bd5ff2efba900024e926b46131731966aff314bbe869",
"pubkey": "7bb39a41f2d526ede53a4ad9141da40bd0f7913316f31fac5796ffecd082e772",
"created_at": 1725583299,
"kind": 1,
"tags": [
[
"t",
"security"
],
[
"proxy",
"https://witter.cz/users/fredbrooker/statuses/113087827132149351",
"activitypub"
]
],
"content": "An unpatchable Yubico two-factor authentication key vulnerability has broken the security of most Yubikey 5, Security Key, and YubiHSM 2FA devices. The Feitian A22 JavaCard and other devices using Infineon SLB96xx series TPMs are also vulnerable. All vulnerable 2FA keys should be assumed compromised and replaced with non-vulnerable ones as soon as possible.\n\n#security",
"sig": "9a2e59ac4bba8460ec1b77883f11ef6a2249a81ce9e4d7215960ffe2e1dd4a30f30de3288ea6dab4655641c3da72adf8025e1480b0b6b216078bcda49ed5d08b"
}