CVE-2017-7524

HIGH

tpm2-tools <1.1.1 - Info Disclosure

Title source: llm

Description

tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.

References (1)

[Patch, Third Party Advisory] https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157

View Patch ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0025

EPSS Percentile 47.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status draft

Affected Products (1)

tpm2-tools_project/tpm2.0-tools < 1.1.0

Timeline

Published Jun 27, 2017

Tracked Since Feb 18, 2026