
4 matches found

OSV
added 2026/05/11 2:42 p.m., 3 views

GHSA-Q8W6-W55C-CCV5 Keylime has a hardcoded attestation challenge nonce that allows replay attacks

CVE-2026-6420: Hardcoded attestation challenge nonce allows replay attacks. Impact: The CertificationParameters.generatechallenge method in the push attestation protocol uses a hardcoded challenge nonce instead of generating a cryptographically random value. This removes the nonce-based replay...

CVSS 6.3, AI score 5.8, EPSS 0.00121
Exploits: 0, References: 5
Github Security Blog
added 2026/05/11 2:42 p.m., 16 views

Keylime has a hardcoded attestation challenge nonce that allows replay attacks

CVE-2026-6420: Hardcoded attestation challenge nonce allows replay attacks. Impact: The CertificationParameters.generatechallenge method in the push attestation protocol uses a hardcoded challenge nonce instead of generating a cryptographically random value. This removes the nonce-based replay...

CVSS 6.3, AI score 5.8, EPSS 0.00121
Exploits: 0, References: 5, Affected Software: 1
Tenable Nessus
added 2026/05/06 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-6420

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the...

CVSS 6.3, AI score 5.9, EPSS 0.00121
Exploits: 0, References: 2
RedhatCVE
added 2023/07/14 1:5 p.m., 30 views

CVE-2023-3674

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted...

CVSS 2.3, AI score 6.8, EPSS 0.00203
Exploits: 0, References: 4