reports/GO-2021-0095.yaml - vuln - Git at Google

 module: github.com/google/go-tpm
 package: github.com/google/go-tpm/tpm
 versions:
   - fixed: v0.3.0
 description: |
   Due to repeated usage of a XOR key an attacker that can eavesdrop on the TPM 1.2 transport
   is able to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted,
   allowing them to use the created key.
 published: 2021-04-14T12:00:00Z
 cve: CVE-2020-8918
 credit: Chris Fenner
 symbols:
   - CreateWrapKey
 links:
   pr: https://github.com/google/go-tpm/pull/195
   commit: https://github.com/google/go-tpm/commit/d7806cce857a1a020190c03348e5361725d8f141
   context:
     - https://github.com/google/go-tpm/security/advisories/GHSA-5x29-3hr9-6wpw
	module: github.com/google/go-tpm
	package: github.com/google/go-tpm/tpm
	versions:
	- fixed: v0.3.0
	description: \|
	Due to repeated usage of a XOR key an attacker that can eavesdrop on the TPM 1.2 transport
	is able to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted,
	allowing them to use the created key.
	published: 2021-04-14T12:00:00Z
	cve: CVE-2020-8918
	credit: Chris Fenner
	symbols:
	- CreateWrapKey
	links:
	pr: https://github.com/google/go-tpm/pull/195
	commit: https://github.com/google/go-tpm/commit/d7806cce857a1a020190c03348e5361725d8f141
	context:
	- https://github.com/google/go-tpm/security/advisories/GHSA-5x29-3hr9-6wpw