blob: 8cf15c2a9713aa679840d2a75ea55ad30f932863 [file] [log] [blame]
module: github.com/google/go-tpm
package: github.com/google/go-tpm/tpm
versions:
- fixed: v0.3.0
description: |
Due to repeated usage of a XOR key an attacker that can eavesdrop on the TPM 1.2 transport
is able to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted,
allowing them to use the created key.
published: 2021-04-14T12:00:00Z
cve: CVE-2020-8918
credit: Chris Fenner
symbols:
- CreateWrapKey
links:
pr: https://github.com/google/go-tpm/pull/195
commit: https://github.com/google/go-tpm/commit/d7806cce857a1a020190c03348e5361725d8f141
context:
- https://github.com/google/go-tpm/security/advisories/GHSA-5x29-3hr9-6wpw