A flaw was found in tpm2-tools in versions prior to 5.1.1 and prior to 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM malicious user to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tpm2-tools project tpm2-tools |
||
redhat enterprise linux 8.0 |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |