YubiKeys Firmware Flaw
YubiKey FIPS Series keys with firmware versions 4.4.2 and 4.4.4 have a flaw that reduces the randomness of the one-time passcodes they generate. According to Yubico, it happens after the YubiKeys turn on. A bug keeps “some predictable content” inside the keys’ data buffer.
YubiKeys with elliptic curve digital signal algorithm (ECDSA) are particularly vulnerable. 80 out of the 256 generate bits don’t change, meaning an attacker who gets access to several signatures could recreate the private key. All affected customers will get a replacement key.