Vulnerability: Fixed AES Key in tpm2_import Allows MITM Attack

CVE-2021-3565 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

A flaw was found in tpm2-tools versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
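
A version check against the fixed releases named above, as an added example that is not part of the advisory or of tpm2-tools. It assumes that 5.x releases are compared against 5.1.1 and anything older against 4.3.2, and that a release-candidate build of a fixed version still counts as affected; the function names and sample version strings are constructed for illustration.

```python
import re

# Fixed releases named in the advisory for CVE-2021-3565.
FIXED_4X = (4, 3, 2)
FIXED_5X = (5, 1, 1)

# major.minor[.patch] followed by an optional suffix such as "-rc1" or "-1ubuntu1".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?([-~+.\w]*)")
_RC_RE = re.compile(r"(?:^|[-~.+])rc\d*", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease), or None if no version is found."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return version, bool(_RC_RE.search(m.group(4)))


def is_affected(version_text):
    """True if the tpm2-tools version string predates the fixed release of its branch."""
    parsed = parse_version(version_text)
    if parsed is None:
        raise ValueError(f"no version number in {version_text!r}")
    version, prerelease = parsed
    # Assumption: 5.x and later are judged against 5.1.1, everything older against 4.3.2.
    fixed = FIXED_5X if version[0] >= 5 else FIXED_4X
    # Assumption: an rc build of the fixed version is conservatively flagged.
    return version < fixed or (version == fixed and prerelease)


if __name__ == "__main__":
    # Constructed sample inventory: host name -> reported tpm2-tools version.
    inventory = {
        "build-01": "4.1.1",
        "build-02": "4.3.2",
        "hsm-gw": "5.0",
        "lab-07": "5.1.1-rc0",
        "prod-03": "5.2",
    }
    for host, reported in inventory.items():
        status = "AFFECTED" if is_affected(reported) else "ok"
        print(f"{host:10s} {reported:12s} {status}")
```

Distribution packages can carry a backported fix without changing the upstream version number, so a hit from this check should be confirmed against the vendor's own advisory for the package.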
