PT-2017-17788 · Tpm2 · Tpm2-Tools

Published

2017-06-27

Updated

2024-06-15

CVE-2017-7524

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions tpm2-tools versions prior to 1.1.1

Description The issue is related to a password leak. When generating HMAC, the password is transmitted in plaintext from the client to the server.

Recommendations For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2017-7524

OPENSUSE-SU-2024:11471-1

Affected Products

Tpm2-Tools

PT-2017-17788 · Tpm2 · Tpm2-Tools

CVE-2017-7524

Weakness Enumeration

Related Identifiers

Affected Products

References · 11