Yubico Information for VU#307015

Infineon RSA library does not properly generate RSA key pairs

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Yubikey 4 / 4C / 4 nano, versions 4.2.6 - 4.3.4, are vulnerable when using the onboard RSA generation functionality. Yubico has published a security advisory, and provides a keycheck information page with mitigation or replacement advice.

Vendor References

https://www.yubico.com/support/security-advisories/ysa-2017-01/

https://www.yubico.com/keycheck/

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.