CVE-2021-3505 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Private key recovery |
Description | A security issue was found in libtpms before version 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. Upgrading to a fixed release (0.8.0+) is not sufficient. The only way to fix it is to unseal all data, delete the old TPM state file, generate a new one, then reseal the data. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-1832 | libtpms | 0.7.5-1 | 0.8.0-1 | Medium | Fixed |