Edit: Yubico has issued a security advisory on the vulnerability https://www.yubico.com/support/security-advisories/ysa-2024-03/
Edit: Yubico has issued a security advisory on the vulnerability https://www.yubico.com/support/security-advisories/ysa-2024-03/
Not much of a vulnerability when you need physical access.
On the contrary. China for example is known for accessing traveler electronics both during customs/immigration checks and in their hotels. Unless the victim carries their key on their person at all times without fault it can be cloned without them knowing.
It’s like saying a bank is vulnerable if you have enough drills and guns
i have physical access to my own yubikey and can’t make a backup copy. someone else who only temporarily has access to it being able to do so is definitely a vulnerability.