• @[email protected]
    link
    fedilink
    English
    152 months ago

    The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they want to target and specialized equipment to perform the necessary attack. Depending on the use case, the attacker may also require additional knowledge including username, PIN, account password, or authentication key.

    Meh, doesn’t seem that realistic of an attack yet, but I know that could change.

  • @[email protected]
    link
    fedilink
    English
    22 months ago

    This only affects devices with firmware 5.6 and below—anything before May 2024. If you buy a key now, the vulnerability will be patched.