3 matches found
keylime: Keylime: Security bypass due to hardcoded TPM quote nonce
A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module TPM quote attestation instead of a...
CVE-2026-6420 Keylime: keylime: security bypass due to hardcoded tpm quote nonce
A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module TPM quote attestation instead of a...
CVE-2026-6420
CVE-2026-6420 affects Keylime: a flaw in the verifier uses a hardcoded TPM quote nonce instead of a cryptographically random value. An attacker with root on an enrolled monitored machine where the Keylime agent runs can stockpile valid TPM quotes and replay them to evade detection after compromis...