CVE-2025-29991

LOW Year: 2025
CVSS v3 Score
2.2
Low
Weakness Type
CWE-1390
View all →

Vulnerability Description

Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification.

Related Vulnerabilities

CVE-2024-47127

MEDIUM
CVSS:3.1(Low)

In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vul...

CWE-13902024

CVE-2022-43400

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Act...

CWE-13902022

CVE-2024-13239

CRITICAL
CVSS:9.8(Critical)

Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.

CWE-13902024

CVE-2024-38182

CRITICAL
CVSS:9.8(Critical)

Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.

CWE-13902024

CVE-2024-48886

CRITICAL
CVSS:9.8(Critical)

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, ...

CWE-13902024

CVE-2024-50563

CRITICAL
CVSS:9.8(Critical)

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 thr...

CWE-13902024