CVE-2017-7524

CVE-2017-7524

Vendor Tpm 2.0 Tools
Product tpm2-tools
Weakness CWE-522 · Insufficiently protected credentials
Published June 27, 2017
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.

Key dates

02Disclosure timeline

June 27, 2017 CVE published
August 5, 2024 Record updated