GoogleCVELIST:CVE-2020-8918CVE-2020-8918 TPM 1.2 key authorization values are vulnerable to a TPM transport eavesdropper
6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.4%
An improperly initialized ‘migrationAuth’ value in Google’s go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both ‘encUsageAuth’ and ‘encMigrationAuth’, and then can calculate ‘usageAuth ^ encMigrationAuth’ as the ‘migrationAuth’ can be guessed for all keys created with CreateWrapKey. TPM2.0 is not impacted by this. We recommend updating your library to 0.3.0 or later, or, if you cannot update, to call CreateWrapKey with a random 20-byte value for ‘migrationAuth’.
CNA Affected
[
{
"product": "google/go-tpm library",
"vendor": "Google LLC",
"versions": [
{
"lessThan": "0.3.0",
"status": "affected",
"version": "stable",
"versionType": "custom"
}
]
}
]Related
6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.4%