Vulnerabilities (CVE)

Filtered by vendor Tpm2-tools Project Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3565 3 Fedoraproject, Redhat, Tpm2-tools Project 3 Fedora, Enterprise Linux, Tpm2-tools 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
CVE-2017-7524 1 Tpm2-tools Project 1 Tpm2.0-tools 2024-11-21 5.0 MEDIUM 7.5 HIGH
tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.