CVE-2017-7524

Name: CVE-2017-7524
Description: tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: remote)
Debian Bugs: 866257

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| tpm2-tools (PTS) | buster, sid | 2.1.0-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| tpm2-tools | source | (unstable) | 2.1.0-1 | medium | | 866257 |

Notes

https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157
