CVE-2017-7524

Опубликовано: 27 июн. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.

Ссылки

https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157
Patch
Third Party Advisory
https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tpm2-tools_project:tpm2.0-tools:*:*:*:*:*:*:*:*

Версия до 1.1.0 (включая)

EPSS

Процентиль: 48%

0.00248

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

CVE-2017-7524

CVSS3: 7.5

ubuntu

больше 8 лет назад

tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.

CVE-2017-7524

CVSS3: 5.3

redhat

больше 8 лет назад

tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.

CVE-2017-7524

CVSS3: 7.5

debian

больше 8 лет назад

tpm2-tools versions before 1.1.1 are vulnerable to a password leak due ...

GHSA-62m4-8mv5-x4gc

CVSS3: 7.5

github

больше 3 лет назад

tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.

EPSS

Процентиль: 48%

0.00248

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522