Observable Timing Discrepancy Vulnerability in Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) Allows Extraction of ECC Private Key

Observable Timing Discrepancy Vulnerability in Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) Allows Extraction of ECC Private Key

CVE-2020-25082 · LOW Severity

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.

Learn more about our Physical Security Assessment.