3 matches found
Authentication flaw
libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establis...
CVE-2023-31127 DMTF-2023-0001: SPDM mutual authentication bypass
libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establis...
CVE-2023-31127
The connected sources describe CVE-2023-31127 in libspdm: a vulnerability in SPDM session establishment where, if a device supports both DHE and PSK sessions with mutual authentication, an attacker could establish a session via KEY_EXCHANGE and PSK_FINISH to bypass mutual authentication. Affected...