Libtpms · Libtpms · CVE-2021-3505
Name of the Vulnerable Software and Affected Versions:
libtpms versions prior to 0.8.0
Description:
A flaw was found in the TPM 2 implementation of libtpms: it returns 2048-bit keys with approximately 1984 bits of strength due to a bug in the TCG specification. The issue lies in the key creation algorithm, specifically in the RsaAdjustPrimeCandidate() function, which is called before the prime number check. This poses a significant threat to data confidentiality.
Recommendations:
For versions prior to 0.8.0, update to version 0.8.0 or later to resolve the issue.