CVE-2025-29991 - Yubico YubiKey FIDO CTAP PIN/UV Auth Protocol Two Signature Verification Vulnerability
CVE ID : CVE-2025-29991 Published : April 3, 2025, 3:15 a.m. | 59 minutes ago Description : Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification. Severity: 2.2 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29991
Published : April 3, 2025, 3:15 a.m. | 59 minutes ago
Description : Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : April 3, 2025, 3:15 a.m. | 59 minutes ago
Description : Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
