Yubico Forum

Re: I set a config protection on slot 2, still overwrites

2017-10-20T14:40:50+01:00

ChrisHalos wrote:

If you're adding an access code without writing a new credential, you MUST click "Update Settings...", select the configuration slot you want to protect, and then click "Update". You'll receive a notification that the update was performed. This functionality has been the same for many years without issue.

Again, this is a community forum, not an "ask Yubico and get an answer" forum. If you need help from support, create a support ticket at yubi.co/support. We respond quite quickly during business hours.

Someone from Yubico told me in a ticket that this is not possible, the other day:

"This is the expected behavior. The access code is only written to the YubiKey at the time of configuration programming." I was specifically documenting how I used the update settings feature and the protection was not activated and I could overwrite my slots. That was their response.

Statistics: Posted by Morthawt — Fri Oct 20, 2017 2:40 pm

Re: I set a config protection on slot 2, still overwrites

2017-10-20T11:17:54+01:00

ChrisHalos wrote:

Thanks for this.

This almost answers the very same question have; specifically how to simply "protect config" WITHOUT writing-to (i.e. altering) either Slot1 or Slot2 credentials.

However, this follow-on question deals w/ the "mechanics" of actually performing this task this using the Yubikey Personalization Tool (YPT) screen(s).

It would appear that this task should be performed from either the "Yubico OTP" or "OATH-HOTP" screens by UN-CHECKING the boxes associated w/ those particular parameters BEFORE executing "Write Configuration"

Conversely, it appears that this ability would NOT work from either the "Static Password" or "Challenge-Response" screens simply because those screens do NOT provide a way to "Uncheck" alteration of the "credential" parameters.

Am I understanding it correctly ?

Statistics: Posted by LD2gIlShWrA2J9qFcwS5 — Fri Oct 20, 2017 11:17 am

Re: I set a config protection on slot 2, still overwrites

2017-10-10T15:59:38+01:00

Statistics: Posted by ChrisHalos — Tue Oct 10, 2017 3:59 pm

Re: I set a config protection on slot 2, still overwrites

2017-10-08T15:10:40+01:00

I find the lack of official responses, answering people's questions and making things clear etc, very disturbing. I love Yubikeys but my experience from Yubico on your official forum is tainting how I feel about Yubico.

Statistics: Posted by Morthawt — Sun Oct 08, 2017 3:10 pm

I set a config protection on slot 2, still overwrites

2017-09-26T13:21:28+01:00

I specifically have tried doing it at the time of writing my challenge-response, tried using the update part, any time I add a code, close the pt and open it again, go to write something else or change something it goes right through without failing due to a missing required key.

I just read the help info and it says:

Quote:

For security reasons and for avoiding accidental reprogramming, YubiKeys can be protected using configuration protection access code.
If the configuration protection access code is set, no one can reprogram the YubiKey unless the correct access code is provided during reprogramming.

So why, after setting a code, can I wipe slot 2 and fill it with gibberish, thus crippling my ability to use it? Assuming I were an attacker finding the Yubikey and wanting to deny access to something or somewhere without stealing the device?

I want nobody but me being able to mess around with my Yubikey, I thought that is the whole point of the code?

Statistics: Posted by techwg — Tue Sep 26, 2017 1:21 pm