CVE-2024-45678

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected.

4.2 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/ Press/Media Coverage
https://news.ycombinator.com/item?id=41434500 Issue Tracking
https://ninjalab.io/eucleak/ Third Party Advisory
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf Technical Description
https://support.yubico.com/hc/en-us/articles/15705749884444 Mitigation Third Party Advisory
https://www.yubico.com/support/security-advisories/ysa-2024-03/ Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:yubico:yubikey_5c_nfc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nfc:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:yubico:yubikey_5_nfc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5_nfc:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:yubico:yubikey_5c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:yubico:yubikey_5_nano_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5_nano:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:yubico:yubikey_5c_nano_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nano:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:yubico:yubikey_5ci_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5ci:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:yubico:yubikey_5_nfc_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5_nfc_fips:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:yubico:yubikey_5c_nfc_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nfc_fips:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:yubico:yubikey_5c_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_fips:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:yubico:yubikey_5_nano_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5_nano_fips:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:yubico:yubikey_5c_nano_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nano_fips:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:yubico:yubikey_5ci_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5ci_fips:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:yubico:yubikey_c_bio_firmware:*:*:*:*:fido:*:*:*
cpe:2.3:h:yubico:yubikey_c_bio:-:*:*:*:fido:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:yubico:yubikey_bio_firmware:*:*:*:*:fido:*:*:*
cpe:2.3:h:yubico:yubikey_bio:-:*:*:*:fido:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:yubico:security_key_nfc_by_yubico_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:security_key_nfc_by_yubico:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:yubico:security_key_c_nfc_by_yubico_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:security_key_c_nfc_by_yubico:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:yubico:yubihsm_2_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubihsm_2_fips:2.2:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:yubico:yubihsm_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubihsm_2:2.3.2:*:*:*:*:*:*:*
History

12 Sep 2024, 20:07

Type Values Removed Values Added
First Time Yubico
Yubico yubikey 5c Fips
Yubico yubikey 5c Nfc Fips
Yubico yubikey 5c Nfc
Yubico yubikey 5 Nfc Fips Firmware
Yubico yubikey 5c Nfc Fips Firmware
Yubico yubikey 5 Nano Firmware
Yubico yubikey 5 Nfc
Yubico yubihsm 2
Yubico yubikey Bio Firmware
Yubico yubikey Bio
Yubico yubikey 5 Nano Fips
Yubico yubikey 5c Firmware
Yubico yubikey 5c Nano Fips Firmware
Yubico yubihsm 2 Firmware
Yubico yubikey 5 Nfc Fips
Yubico yubikey 5ci Firmware
Yubico security Key Nfc By Yubico Firmware
Yubico yubikey 5 Nano
Yubico yubikey 5c Nano Fips
Yubico yubikey 5c Nfc Firmware
Yubico yubikey 5 Nfc Firmware
Yubico yubikey 5c Nano
Yubico yubihsm 2 Fips Firmware
Yubico security Key Nfc By Yubico
Yubico yubikey C Bio Firmware
Yubico security Key C Nfc By Yubico
Yubico yubikey 5ci Fips
Yubico yubihsm 2 Fips
Yubico yubikey 5ci Fips Firmware
Yubico security Key C Nfc By Yubico Firmware
Yubico yubikey 5c Fips Firmware
Yubico yubikey C Bio
Yubico yubikey 5c Nano Firmware
Yubico yubikey 5ci
Yubico yubikey 5 Nano Fips Firmware
Yubico yubikey 5c
References () https://ninjalab.io/eucleak/ - () https://ninjalab.io/eucleak/ - Third Party Advisory
References () https://support.yubico.com/hc/en-us/articles/15705749884444 - () https://support.yubico.com/hc/en-us/articles/15705749884444 - Mitigation, Third Party Advisory
References () https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/ - () https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/ - Press/Media Coverage
References () https://www.yubico.com/support/security-advisories/ysa-2024-03/ - () https://www.yubico.com/support/security-advisories/ysa-2024-03/ - Vendor Advisory
References () https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf - () https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf - Technical Description
References () https://news.ycombinator.com/item?id=41434500 - () https://news.ycombinator.com/item?id=41434500 - Issue Tracking
CPE cpe:2.3:o:yubico:yubikey_5c_nano_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c:-:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5_nano_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nfc_fips:-:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5_nfc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5c_nfc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5_nfc:-:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5c_nfc_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:security_key_nfc_by_yubico_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5c_nano_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5_nano_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5ci:-:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubihsm_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nfc:-:*:*:*:*:*:*:*
cpe:2.3:h:yubico:security_key_c_nfc_by_yubico:-:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5_nano_fips:-:*:*:*:*:*:*:*
cpe:2.3:h:yubico:security_key_nfc_by_yubico:-:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5_nfc_fips:-:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_fips:-:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_c_bio_firmware:*:*:*:*:fido:*:*:*
cpe:2.3:h:yubico:yubikey_5_nano:-:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nano:-:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5ci_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5ci_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_bio:-:*:*:*:fido:*:*:*
cpe:2.3:o:yubico:yubikey_5_nfc_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_bio_firmware:*:*:*:*:fido:*:*:*
cpe:2.3:o:yubico:security_key_c_nfc_by_yubico_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubihsm_2_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubihsm_2:2.3.2:*:*:*:*:*:*:*
cpe:2.3:o:yubico:yubikey_5c_fips_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5c_nano_fips:-:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubihsm_2_fips:2.2:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_5ci_fips:-:*:*:*:*:*:*:*
cpe:2.3:h:yubico:yubikey_c_bio:-:*:*:*:fido:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.2
CWE CWE-203

03 Sep 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-03 20:15

Updated : 2025-03-17 18:15

NVD link : CVE-2024-45678

Mitre link : CVE-2024-45678

JSON object : View

Products Affected

yubico

  • yubikey_5_nfc
  • security_key_nfc_by_yubico_firmware
  • yubikey_5_nano_fips
  • yubihsm_2
  • yubikey_5_nfc_fips
  • yubikey_c_bio
  • yubikey_5c_nfc_fips_firmware
  • yubikey_5_nfc_firmware
  • yubikey_5c_nfc_firmware
  • yubikey_bio
  • yubikey_5c_nfc_fips
  • security_key_c_nfc_by_yubico
  • yubikey_5_nfc_fips_firmware
  • yubikey_5c_nano_fips_firmware
  • yubikey_5c_firmware
  • yubikey_5ci_fips
  • yubikey_5c_nano_firmware
  • yubikey_c_bio_firmware
  • yubikey_5_nano_fips_firmware
  • yubihsm_2_firmware
  • security_key_nfc_by_yubico
  • yubikey_5c_fips
  • yubikey_5c_nano_fips
  • yubihsm_2_fips
  • yubikey_5_nano
  • security_key_c_nfc_by_yubico_firmware
  • yubikey_bio_firmware
  • yubikey_5ci
  • yubikey_5c
  • yubikey_5ci_firmware
  • yubikey_5c_nfc
  • yubihsm_2_fips_firmware
  • yubikey_5ci_fips_firmware
  • yubikey_5c_nano
  • yubikey_5c_fips_firmware
  • yubikey_5_nano_firmware
CWE
CWE-203

Observable Discrepancy