go-attestation 输入验证错误漏洞

Go-Attestation is used to abstract remote authentication operations across a variety of platforms and tpm's, thus enabling remote verification of computer identifiers and state. A security vulnerability existed prior to go-attestation 0.3.3 that allowed a local user to provide a maliciously...

Go-Attestation Improper Input Validation with attacker-controlled TPM Quote

Impact An improper input validation vulnerability in go-attestation before 0.4.0 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...