Published: 27/06/2017 Updated: 09/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

tpm2-tools versions prior to 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tpm2-tools project tpm2.0-tools

Debian Bug report logs - #866257 tpm2-tools: CVE-2017-7524 Package: src:tpm2-tools; Maintainer for src:tpm2-tools is Mathieu Trudel-Lapierre <mathieutrudel-lapierre@canonicalcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 28 Jun 2017 19:30:05 UTC Severity: important Tags: patch, security, ups ...

tpm2-tools versions before 111 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC ...

This site contains the code for the TPM (Trusted Platform Module) 20 tools based on tpm2-tss News Release 32 is now available A mailing list now exists for support: lists01org/mailman/listinfo/tpm2 CVE-2017-7524 - Where an HMAC authorization uses the tpm to perform the hmac calculation This results in a disclosure of the password to the tpm where the user would n

This site contains the code for the TPM (Trusted Platform Module) 20 tools based on tpm2-tss News Release 210 is now available: githubcom/01org/tpm2-tools/releases/tag/210 A mailing list now exists for support: lists01org/mailman/listinfo/tpm2 CVE-2017-7524 - Where an HMAC authorization uses the tpm to perform the hmac calculation This results in a dis

CWE-522 https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866257 https://nvd.nist.gov

CVE-2017-7524

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect