A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2021-06-04T11:39:40
Updated: 2021-06-30T04:06:23
Reserved: 2021-05-25T00:00:00
Link: CVE-2021-3565
JSON object: View
NVD Information
Status : Modified
Published: 2021-06-04T12:15:07.557
Modified: 2023-11-07T03:38:07.077
Link: CVE-2021-3565
JSON object: View
Redhat Information
No data.