Security Advisory 2020-07-08 – OpenPGP application Resetting Code bug

Tracking ID: YSA-2020-05
CVE: CVE-2020-15000

Summary

As defined by the OpenPGP specification, the application has three passwords: Admin PIN, Resetting Code, and User PIN. The Resetting Code is used to reset the User PIN, but it is disabled by default. When the Reset Code counter is set to a non-zero number, the Resetting Code is initialized to a known value. This known value can be used to reset the User PIN. To set the retry counters, the Admin PIN is required.

Affected Yubico devices

YubiKey 5 Series with firmware versions from 5.2.0 to 5.2.6.

Customer actions

Open the YubiKey Manager to view the firmware version of your YubiKey.

The command line interface (CLI) can also be used:
$ ykman info|grep version
Firmware version: 5.2.4

In the example above, the firmware version is 5.2.4, which means this key could be affected. If the firmware version is between 5.2.0 and 5.2.6, your key is affected and you should proceed to check the Reset Code counter from the YubiKey Manager CLI:
$ ykman openpgp info
OpenPGP version: 3.4
Application version: 5.2.4
PIN tries remaining: 0
Reset code tries remaining: 0
Admin PIN tries remaining: 3

Observe the number after “Reset code tries remaining”, the Reset Code counter. If this is 0 (default), it means you are not currently affected. If this is any number other than 0, it means you are affected. Changing the Reset Code counter to something other than 0 will require setting a Resetting Code to mitigate this issue.

Mitigation

If you have a non-zero Resetting Code counter, we advise you to set the Resetting Code explicitly unless you have already done this. The following command will require the Admin PIN:
$ gpg --edit-card -> admin -> passwd -> 4 (Set Resetting Code)

Enabling touch for all OpenPGP application operations also reduces the impact by requiring physical access to the YubiKey or user interaction to touch the key. Use ykman to verify and change the touch policy:

$ ykman openpgp info
[ .. ]
Touch policies
Signature key On (fixed)
Encryption key On (fixed)
Authentication key Off

The following command will enable touch for the authentication key:
$ ykman openpgp set-touch aut on

Technical details

When the OpenPGP application is initialized, the password content and its lengths are set to known values for the User and Admin PINs. The Resetting Code field is cleared with zeroes.

The same initialization function was used to set passwords back to their default. The Resetting Code does not have a default password so when clearing it, the maximum value of its length was used. This had the side effect that the length field of the cleared Resetting Code was set to its maximum length when it should have been set to 0.

Aggregate severity rating

Yubico has rated this issue as Moderate based on maximum security impact. The base CVSS score is 6.1