Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot disable configuration protection #55

Open
minisu opened this issue Aug 24, 2015 · 4 comments
Open

Cannot disable configuration protection #55

minisu opened this issue Aug 24, 2015 · 4 comments

Comments

@minisu
Copy link
Contributor

minisu commented Aug 24, 2015

Steps to reproduce: Configure a YubiKey NEO to set a static password (or challenge-response) and disable protection.

Expected result: The static password would be set and the YubiKey would become unprotected.

Actual result: The static password is set but the device remains protected.

Access code: 00 00 00 00 00 00
Firmware version: 3.1.2
YubiKey Personalization GUI version: 3.1.16

Apparently, @jeanpaulgalea had similar issues.
@afwlehmann
Copy link

Same issue for me with the NEO, application version 3.1.23 and library 1.17.2. The firmware version of the device is 3.4.3.

I'd really like to see this solved since the only way to send the configuration for Yubico OTP to Yubico seems to be via the Quick configuration dialog which assumes an unprotected device.

EDIT: I just realized that the upload can be performed directly via the web interface as long as this issue won't be fixed.

@phoerious
Copy link

I can confirm this, but I think it is a GUI-issue on Linux. As far as I can tell disabling the access code means setting it to 0x000000000000. The GUI does that and when you use the CLI (ykpersonalize) you can actually program the key without specifying an explicit access key. However, when overwriting an existing configuration, the GUI somehow thinks that 0x0 is a valid access code and fails. A workaround is to use the advanced mode and select "Yubikey(s) protected - Keep it that way" or "Yubikey(s) protected - Disable protection" (both do exactly the same in that case) and leave the current access code at 0.

Unfortunately, the "Quick" tool is not that smart which makes it impossible to program a YubiKey that way.

This seems to be a Linux-only issue. On Windows the GUI works as expected and treats 0x0 as "no access key".

@ElijahLynn
Copy link

On Ubuntu 14.04 with Yubikey Nano, firmware 3.3.7. Was attempting to program slot 2 HOTP and received the error, "YubiKey could not be configured. Perhaps protected with configuration protection access code?". Tried suggestion above by @phoerious, "protected, keep it that way" with current access code of all zeros and it worked and successfully configured slot 2.

@lord-aerion
Copy link

I just encountered this issue on Arch Linux with two YubiKey NEO, firmware 3.3.6 and 3.4.6, using YubiKey Personalization v1.19.0 and GUI v3.1.25.

The workaround suggested by @phoerious allowed me to program my keys.

Are there any plans to fix this issue, first reported 3 1/2 years ago?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@afwlehmann @phoerious @ElijahLynn @minisu @lord-aerion