Yubico · Ykneo-Openpgp · CVE-2015-3298
**Name of the Vulnerable Software and Affected Versions**
Yubico ykneo-openpgp versions prior to 1.0.10
**Description**
The issue is caused by a typo, allowing an invalid PIN to be used. When the device is first powered up, a signature will be issued even though the PIN has not been validated.
**Recommendations**
For versions prior to 1.0.10, update to version 1.0.10 or later to resolve the issue. As a temporary workaround, consider disabling the use of the device until a patch is available. Restrict access to the device to minimize the risk of exploitation.