CVE-2020-8918

Name of the Vulnerable Software and Affected Versions go-tpm versions prior to 0.3.0

Description The issue arises from an improperly initialized 'migrationAuth' value in the go-tpm library, allowing an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. This is due to the repeated usage of a XOR key, enabling the attacker to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted. The attacker can collect both encUsageAuth and encMigrationAuth, and then calculate usageAuth ^ encMigrationAuth as the migrationAuth can be guessed for all keys created with CreateWrapKey. TPM 2.0 users are unaffected by this issue.

Recommendations For go-tpm versions prior to 0.3.0, update the library to 0.3.0 or later. As a temporary workaround, consider calling CreateWrapKey with a random 20-byte value for migrationAuth, even though that value is not used again, and do not store or log this value.