3 matches found
CVE-2024-51997
Trustee (open-source) contains a vulnerability in the Attestation Results Token (ART) where the embedded jwk in the ART payload can be replaced by a MITM attacker, allowing the attacker to sign crafted tokens with their private key. The current code path (v0.8.0) does not detect such replacement,...
CVE-2024-51997 The Attestation Results Token can be arbitrarily modified without being detected in Trustee
Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART Attestation Results Token token, generated by AS, could be manipulated by MITM attacker, but the verifier CoCo Verification Demander like KBS could still verify it successfully. In th...
CVE-2024-51997 The Attestation Results Token can be arbitrarily modified without being detected in Trustee
Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART Attestation Results Token token, generated by AS, could be manipulated by MITM attacker, but the verifier CoCo Verification Demander like KBS could still verify it successfully. In th...