redhat · CVE-2017-7524

Quick triage

Priority: medium Published: 2017-06-21 00:00:00 UTC Updated: 2017-06-21 00:00:00 UTC

View at Official redhat advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.

Description:

tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.

cvelogic Threat Intelligence