Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Yubico YubiKey Validation Server SQL注入漏洞
Vulnerability Description
Yubico YubiKey Validation Server是瑞典Yubico公司的一款身份认证服务器。 Yubico YubiKey Validation Server 2.40之前版本中存在SQL注入漏洞,该漏洞源于验证端点未检查SQL查询的长度。远程攻击者可利用该漏洞导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A