The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a "no-touch-required" extension in Permissions.Extensions from PublicKeyCallback.
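The check the advisory describes can be sketched with the standard library alone. This is an added example, not code from golang.org/x/crypto/ssh: the signature layout (format string, inner signature string, one flags byte, a uint32 counter) is assumed from OpenSSH's PROTOCOL.u2f, and `CheckPresence`, `readString` and `buildSig` are hypothetical names. The sample signatures are constructed and are not cryptographically valid.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const flagUP = 0x01 // User Presence bit in the authenticator flags byte

// readString consumes one SSH string (uint32 length, then bytes).
func readString(b []byte) (s, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, errors.New("truncated SSH string")
	}
	n := binary.BigEndian.Uint32(b)
	return b[4 : 4+n], b[4+n:], nil
}

// CheckPresence parses a wire-format sk signature and rejects it when the UP
// bit is clear, unless the key's extensions carry "no-touch-required".
// It does not verify the cryptographic signature itself.
func CheckPresence(sig []byte, extensions map[string]string) error {
	format, rest, err := readString(sig)
	if err != nil {
		return err
	}
	if f := string(format); f != "sk-ecdsa-sha2-nistp256@openssh.com" && f != "sk-ssh-ed25519@openssh.com" {
		return fmt.Errorf("not a security-key signature: %q", f)
	}
	if _, rest, err = readString(rest); err != nil { // skip inner signature
		return err
	}
	if len(rest) != 5 { // byte flags + uint32 counter
		return errors.New("malformed flags/counter trailer")
	}
	if _, ok := extensions["no-touch-required"]; !ok && rest[0]&flagUP == 0 {
		return errors.New("user presence flag not set")
	}
	return nil
}

// buildSig assembles a constructed sample signature; the inner blob is filler.
func buildSig(format string, flags byte) []byte {
	out := append([]byte{0, 0, 0, byte(len(format))}, format...)
	return append(out, 0, 0, 0, 4, 0xde, 0xad, 0xbe, 0xef, flags, 0, 0, 0, 7)
}

func main() { fmt.Println(CheckPresence(buildSig("sk-ssh-ed25519@openssh.com", 0x00), nil)) }
```

A signature with the flags byte `0x00` is rejected unless the extensions map contains the `no-touch-required` key, which mirrors the opt-out the advisory describes.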
Exploitability
AV:N AC:L PR:N UI:N
Scope
S:U
Impact
C:H I:H A:N
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N