Security Advisory YSA-2024-01 - Yubico
https://www.yubico.com/support/security-advisories/ysa-2024-01/
"If a user runs the YubiKey Manager GUI as Administrator, browser windows opened by YubiKey Manager GUI may be opened as Administrator which could be exploited by a local attacker to perform actions as Administrator."
Love how this type of exploit is super persistent. I used it 25 years ago to gain extra privileges on school computers. Oh time flies.
zhenech /
npub15j…tnad6
2024-04-07 10:33:42
Author Public Key
npub15jvjgp2lgeaf2dhn02twh4rmjqpte7layemx6q2nqzq7k4acdu3q7tnad6Published at
2024-04-07 10:33:42Event JSON
{
"id": "42e2cc302e7926fa8b23fce5cb7c103f1560975db7e1cc486b351d34e6e7c823",
"pubkey": "a49924055f467a9536f37a96ebd47b9002bcfbfd26766d01530081eb57b86f22",
"created_at": 1712486022,
"kind": 1,
"tags": [
[
"proxy",
"https://chaos.social/users/zhenech/statuses/112229483988399553",
"activitypub"
]
],
"content": "Security Advisory YSA-2024-01 - Yubico\nhttps://www.yubico.com/support/security-advisories/ysa-2024-01/\n\n\"If a user runs the YubiKey Manager GUI as Administrator, browser windows opened by YubiKey Manager GUI may be opened as Administrator which could be exploited by a local attacker to perform actions as Administrator.\"\n\nLove how this type of exploit is super persistent. I used it 25 years ago to gain extra privileges on school computers. Oh time flies.",
"sig": "046368be82d8407d64718c8013d66a2b612b5642b348a09fd9ae03f126c38c22c170ef46ef4c2111bf95e69f7fb3af85927ec9a361db95815ae28e71bcafb200"
}