#VU54501 Use of a broken or risky cryptographic algorithm in libtpms
Vulnerability identifier: #VU54501
Vulnerability risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-327
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
libtpms
Universal components / Libraries /
Libraries used by multiple products
Vendor: Stefan Berger
Description
The vulnerability allows a remote attacker to decrypt data.
The vulnerability exists in libtpms due to integration with OpenSSL, which contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
libtpms: 0.5.2 - 0.8.1
External links
http://bugzilla.redhat.com/show_bug.cgi?id=1939664
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
