YubiHSM 1 Security Advisory

Applicable Products

A security review has revealed two methods to decrypt AES-CCM encrypted data (so called AEADs) if an attacker has live (remote) access to an unlocked YubiHSM 1, under some valid configurations. The methods have not been documented and may be unexpected for those unfamiliar with how AES-CCM works. This document describes the two methods and suggests workarounds. Date Published: January, 2015 Applies To: YubiHSM 1 Download: YubiHSM 1 Security Advisory

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.