Yubico Replacing YubiKey FIPS Devices Due to Security Issue

From securityweek.com

YubiKey FIPS series impacted by crypto flaw

Yubico is in the process of replacing YubiKey FIPS (Federal Information Processing Standards) security keys following the discovery of a potentially serious cryptography-related issue that can cause RSA keys and ECDSA signatures generated on these devices to have reduced strength.

In a security advisory published on Thursday, the company informed customers that the issue impacts YubiKey FIPS series devices running versions 4.4.2 and 4.4.4 of the firmware (version 4.4.3 does not exist), including Nano FIPS, C FIPS and C Nano FIPS devices. No other Yubico products appear to be impacted.

Read more…