github.com/google/go-tpm is vulnerable to information disclosure. An attacker is able to discover the encUsageAuth
and encMigrationAuth
values and calculateusageAuth ^ encMigrationAuth
since the migrationAuth
can be guessed for all keys created with CreateWrapKey, and subsequently discover the auth value for a key created.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/google/go-tpm | eq | 0.2.0 | |
github.com/google/go-tpm | eq | 0.2.0 |