PT-2024-26428 · Yubico · Yubico Yubikey 5 Fips+3
Published
2024-05-29
·
Updated
2025-08-01
·
CVE-2024-35311
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Yubico YubiKey 5 Series versions 5.0.0 through 5.6.x
Yubico Security Key Series versions 5.0.0 through 5.6.x
Yubico YubiKey Bio Series versions 5.0.0 through 5.6.3
Yubico YubiKey 5 FIPS versions 5.0.0 through 5.7.1
Description
The issue is related to Incorrect Access Control.
Recommendations
For Yubico YubiKey 5 Series versions 5.0.0 through 5.6.x, update to version 5.7.0 or later.
For Yubico Security Key Series versions 5.0.0 through 5.6.x, update to version 5.7.0 or later.
For Yubico YubiKey Bio Series versions 5.0.0 through 5.6.3, update to version 5.6.4 or later.
For Yubico YubiKey 5 FIPS versions 5.0.0 through 5.7.1, update to version 5.7.2 or later.
Fix
Insecure Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yubico Security Key Series
Yubico Yubikey 5 Fips
Yubico Yubikey 5 Series
Yubico Yubikey Bio Series