<![CDATA[[Solved] Yubikey manager: not displayed as insecure with an embedded insecure python and lower version recommended]]>Hi,

See picture below:
91cb8e55-5b68-46f8-b108-8bc0a605de2c-image.png

Regards.

]]>https://vulndetect.org/topic/1063/solved-yubikey-manager-not-displayed-as-insecure-with-an-embedded-insecure-python-and-lower-version-recommendedRSS for NodeMon, 11 May 2026 11:56:00 GMTSun, 04 Apr 2021 18:01:40 GMT60<![CDATA[Reply to [Solved] Yubikey manager: not displayed as insecure with an embedded insecure python and lower version recommended on Thu, 08 Apr 2021 10:41:53 GMT]]>@gregalexandre OK, then I mark this issue as solved.

]]>https://vulndetect.org/post/4268https://vulndetect.org/post/4268Thu, 08 Apr 2021 10:41:53 GMT<![CDATA[Reply to [Solved] Yubikey manager: not displayed as insecure with an embedded insecure python and lower version recommended on Tue, 06 Apr 2021 19:18:12 GMT]]>@olli_s : you can close as lower version of Yubikey is no more recommended.

]]>https://vulndetect.org/post/4266https://vulndetect.org/post/4266Tue, 06 Apr 2021 19:18:12 GMT<![CDATA[Reply to [Solved] Yubikey manager: not displayed as insecure with an embedded insecure python and lower version recommended on Mon, 05 Apr 2021 11:14:36 GMT]]>@gregalexandre Tell me, if this can be closed. Thank you!

]]>https://vulndetect.org/post/4265https://vulndetect.org/post/4265Mon, 05 Apr 2021 11:14:36 GMT<![CDATA[Reply to [Solved] Yubikey manager: not displayed as insecure with an embedded insecure python and lower version recommended on Sun, 04 Apr 2021 19:19:43 GMT]]>@tom :
Yubikey manager may not be affected by the vulnerability of Python. But it may allow wrong usage of the version of Python they install.

Yes, the problem is the same with java, where you can have multiple unsafe versions of java installed and not updated by multiple products.

During an attack, the attacker may choose to use the vulnerable (embedded) product to run malicious actions (eg; the one that allow it to increase it rights).

I do not look at the python vulnerability. It may be acceptable. But this not coherent with defense-in-depth.

I understand your point of view even if I cannot agree.

Regards.

]]>https://vulndetect.org/post/4255https://vulndetect.org/post/4255Sun, 04 Apr 2021 19:19:43 GMT<![CDATA[Reply to [Solved] Yubikey manager: not displayed as insecure with an embedded insecure python and lower version recommended on Sun, 04 Apr 2021 18:27:25 GMT]]>@gregalexandre I don't know how Python is utilized by Yubikey Manager, so it is hard to assess if it is affected by the vulnerability in Python.

Unless Yubikey (or some independent researcher) makes any statements that indicate Yubikey Manager to be affected, then we will not flag it as being affected.

For some "libraries" it is dead obvious whether the "parent" product is affected (or not) by a vulnerability, but in a case like this, it is dependent upon their specific implementation of Python (and I have no knowledge about how they use it). The same goes for many applications that utilize Java.

Given the latest vuln that was fixed in Python, I wouldn't worry much though.

]]>https://vulndetect.org/post/4254https://vulndetect.org/post/4254Sun, 04 Apr 2021 18:27:25 GMT