cve/2024/CVE-2024-45678.md

### [CVE-2024-45678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45678)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected.

### POC

#### Reference
- https://news.ycombinator.com/item?id=41434500
- https://support.yubico.com/hc/en-us/articles/15705749884444

#### Github
No PoCs found on GitHub currently.