Closed hexum closed 7 years ago
Could you give more details on why you think this issue is still present? The offending lines now read:
if (!(pw1.isValidated() && pw1_modes[PW1_MODE_NO82]))
Note the additional brackets around the condition. My fix is slightly different to the solution presented on Yubico's site, but equivalent.
I was looking for exclamation mark before pw1_modes. Now I see you used more efficient solution with De Morgan's law.
It seems code still contain vulnerability revealed by Yubico. https://developers.yubico.com/ykneo-openpgp/SecurityAdvisory%202015-04-14.html