Use of Hard-coded Cryptographic Key in tpm2-tools

#VU54287 Use of Hard-coded Cryptographic Key in tpm2-tools

Published: 2021-06-21

Vulnerability identifier: #VU54287

Vulnerability risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3565

CWE-ID: CWE-321

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
tpm2-tools
Other software / Other software solutions

Vendor: Linux TPM2 & TSS2 Software

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to usage of a fixed AES key in the tpm2_import function. A remote attacker can perform MitM attack and gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

tpm2-tools: 4.0 - 5.1

External links
http://bugzilla.redhat.com/show_bug.cgi?id=1964427
http://github.com/tpm2-software/tpm2-tools/releases/tag/4.3.2
http://github.com/tpm2-software/tpm2-tools/releases/tag/5.1.1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 8 update for tpm2-tools

openEuler update for tpm2-tools

Arch Linux update for tpm2-tools

Hardcoded AES key in tpm2-tools

SUSE update for tpm2.0-tools