---

CVE-2021-3505 - log back

CVE-2021-3505 edited at 17 Apr 2021 09:17:01
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Private key recovery
Description	+ A security issue was found in libtpms before version 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. + + Upgrading to a fixed release (0.8.0+) is not sufficient. The only way to fix it is to unseal all data, delete the old TPM state file, generate a new one, then reseal the data.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1950046 + https://github.com/stefanberger/libtpms/issues/183 + https://github.com/stefanberger/libtpms/commit/625171be0c8225824740b5d0fb7e8562f6a1c6a8 + https://github.com/stefanberger/libtpms/commit/c1f7bf55099fcd427715aa65e130475c6e836a6b
Notes

CVE-2021-3505 created at 17 Apr 2021 09:12:28