The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions prior to 0000000000000422 - 4.34, prior to 000000000000062b - 6.43, and prior to 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for malicious users to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (prior to 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
infineon trusted_platform_firmware 6.40 |
||
infineon trusted_platform_firmware 133.32 |
||
infineon trusted_platform_firmware 4.31 |
||
infineon trusted_platform_firmware 4.32 |
||
infineon rsa library |
Here's what to do if you have an affected badge
Some Gemalto smartcards can be potentially cloned and used by highly skilled crooks due to a cryptography blunder dubbed ROCA. Security researchers went public last week with research that revealed that RSA keys produced for smartcards, security tokens, and other devices by crypto-chips made by Infineon Technologies were weak and crackable. In other words, the private half of the RSA public-private key pairs in the gadgets, which are supposed to be secret, can be calculated from the public half,...
About a third of all crypto modules globally generate weak, crackable RSA pairs
RSA keys produced by smartcards, security tokens, laptops, and other devices using cryptography chips made by Infineon Technologies are weak and crackable – and should be regenerated with stronger algorithms. In short, Infineon TPMs – aka trusted platform modules – are used in countless computers and gadgets to generate RSA key pairs for securing VPNs, implementing trusted boot sequences, performing whole disk encryption, granting access to cloud accounts, producing encryption certificates...