A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1950046 | Issue Tracking Patch Third Party Advisory |
https://github.com/stefanberger/libtpms/issues/183 | Exploit Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ/ |
Configurations
History
07 Nov 2023, 03:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-04-19 21:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-3505
Mitre link : CVE-2021-3505
CVE.ORG link : CVE-2021-3505
JSON object : View
Products Affected
libtpms_project
- libtpms
redhat
- enterprise_linux
fedoraproject
- fedora
CWE
CWE-331
Insufficient Entropy