Vulnerability Name:

CVE-2020-13131 (CCN-184965)

Assigned:2020-07-08
Published:2020-07-08
Updated:2020-07-16
Summary:An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will cause stack memory to be copied into heap allocated memory that gets returned to the caller. The leaked memory could include PINs, passwords, key material, and other sensitive information depending on the integration. During further processing by the caller, this information could leak across trust boundaries. Note that RSA key generation is triggered by the host and cannot directly be triggered by the token.
CVSS v3 Severity:4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Physical
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Physical
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-125
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2020-13131

Source: CCN
Type: invd Blog, Jul 8, 2020
Yubico libykpiv vulnerabilities

Source: MISC
Type: Exploit, Third Party Advisory
https://blog.inhq.net/posts/yubico-libykpiv-vuln/

Source: XF
Type: UNKNOWN
yubico-cve202013131-info-disc(184965)

Source: CCN
Type: Yubico Web site
YubiKey strong two factor authentication

Source: CONFIRM
Type: Vendor Advisory
https://www.yubico.com/products/services-software/download/smart-card-drivers-tools/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:yubico:libykpiv:*:*:*:*:*:*:*:* (Version < 2.1.0)

    • Configuration 2:
  • cpe:/a:yubico:piv_tool_manager:*:*:*:*:*:*:*:* (Version < 2.0.0)

    • Configuration 3:
  • cpe:/a:yubico:yubikey_smart_card_minidriver:*:*:*:*:*:*:*:* (Version <= 4.1.0.172)

    • * Denotes that component is vulnerable
    BACK
    yubico libykpiv *
    yubico piv tool manager *
    yubico yubikey smart card minidriver *