Yubico
Infineon RSA Key Generation Issue

« Home

Functionality Assessment

Is the functionality you use with your YubiKey affected?

If your model and version of the YubiKey is listed as Possibly Affected please review the following table to determine if your specific usage is affected.

How Do You Use the YubiKeyFunctionality AffectedComments
I use my YubiKey 4 for two-factor authentication for any of these services: Gmail, Dropbox, Facebook, LastPass, Dashlane, Keeper, DUO.Not Affected
  • Your use of the YubiKey 4 is Not Affected by this vulnerability.
  • The FIDO U2F or OTP functionality used by your YubiKey with these Internet services is not affected by this vulnerability.
I use Yubico Authenticator for OTP authentication with online services.Not Affected
  • Your use of the YubiKey 4 is Not Affected by this vulnerability.
  • The Yubico OTP, OATH-TOTP or OATH-HOTP functionality used by your YubiKey is not affected by this vulnerability.
I use my YubiKey for Windows login using Yubico Windows Login Tool.Not Affected
  • Your use of the YubiKey 4 is Not Affected by this vulnerability.
  • The challenge and response functionality used by your YubiKey with this tool is not affected by this vulnerability.
I use my YubiKey for Windows Hello using Yubico Windows Hello App.Not Affected
  • Your use of the YubiKey 4 is Not Affected by this vulnerability.
  • The OATH HOTP challenge and response functionality used by your YubiKey with this app is not affected by this vulnerability.
I use my YubiKey for Linux authentication using Yubico PAM.Not Affected
  • Your use of the YubiKey 4 is Not Affected by this vulnerability.
  • The challenge and response or OTP functionality used by your YubiKey with this app is not affected by this vulnerability.
I use my YubiKey 4 for Mac OS login after configuring with PIV Manager using default settings.Not Affected
  • Your use of the YubiKey 4 is Not Affected by this vulnerability.
  • PIV Manager uses on-chip ECC key generation when setting up the YubiKey for Mac OS login and are not affected by this vulnerability.
I generated my RSA keys externally for use with OpenPGP or PIV smartcard (i.e. import keys using PIV manager or PIV tool to the YubiKey).Not Affected
  • Your use of the YubiKey 4 is Not Affected by this vulnerability.
  • RSA keys generated externally and imported into the YubiKey are not affected by this vulnerability.
I use my YubiKey for OpenPGP or PIV smartcard authentication and/or signing.Possibly Affected
  • Your use of the YubiKey 4 is Possibly Affected and you should check the firmware version of your YubiKey.
I use on-chip RSA key generation for functionalities in OpenPGP and PIV with my YubiKey.Possibly Affected
  • You are an advanced user who is using advanced functionality Possibly Affected by this vulnerability - you should check your firmware version of your YubiKey.
I was provided my key by my employer for authenticating to work-related services and applications.Possibly Affected
  • You should check with your IT manager for follow up.

Resources

Customers
Yubico customers can request assistance from Yubico Support by filing a support ticket.

Partners
Yubico partners should contact Yubico Sales directly if they have questions related to this Security Advisory.

Media/Press
Any media or press enquiries should be directed to press@yubico.com.