6 matches found
TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm
Impact TPM 2.0 users are unaffected by this issue. An adversary eavesdropping on the TPM 1.2 transport path can calculate usageAuth for a key created with CreateWrapKey, even though this value is encrypted as part of the TPM 1.2 command protocol. The TPM 1.2 CreateWrapKey command accepts two...
GHSA-5X29-3HR9-6WPW TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm
Impact TPM 2.0 users are unaffected by this issue. An adversary eavesdropping on the TPM 1.2 transport path can calculate usageAuth for a key created with CreateWrapKey, even though this value is encrypted as part of the TPM 1.2 command protocol. The TPM 1.2 CreateWrapKey command accepts two...
GO-2021-0095 Sensitive information exposure in github.com/google/go-tpm
Due to repeated usage of a XOR key an attacker that can eavesdrop on the TPM 1.2 transport is able to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted, allowing them to use the created key...
CVE-2020-8918
An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both 'encUsageAuth' and...
Code injection
An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both 'encUsageAuth' and...
CVE-2020-8918 TPM 1.2 key authorization values are vulnerable to a TPM transport eavesdropper
An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both 'encUsageAuth' and...