tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tpm2.0-tools | Tpm2-tools_project | * | 1.1.0 (including) |
Tpm2-tools | Ubuntu | artful | * |
Tpm2-tools | Ubuntu | yakkety | * |
Tpm2-tools | Ubuntu | zesty | * |