CVE-2017-7524

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-7524
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7524.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-7524
Published
2017-06-27T14:29:00Z
Modified
2025-11-05T01:06:34.051120Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

tpm2-tools versions before 1.1.1 are vulnerable to a password leak because the password is transmitted in plaintext from client to server when generating an HMAC.

References

Affected packages

Git / github.com/01org/tpm2.0-tools

Affected ranges

Type
GIT
Repo
https://github.com/01org/tpm2.0-tools
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Git / github.com/tpm2-software/tpm2-tools

Affected ranges

Type
GIT
Repo
https://github.com/tpm2-software/tpm2-tools
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.0.0
2.0.0-beta_0

v1.*

v1.0.0
v1.0.1
v1.1-beta_0
v1.1-beta_1
v1.1.0

Database specific

vanir_signatures

[
    {
        "id": "CVE-2017-7524-1f42cbea",
        "digest": {
            "line_hashes": [
                "165864225263249160298319280978989806839",
                "101702199380195429949223049532959516637",
                "141398387035421838025360045102776212496",
                "132721162524462162173643398948651984234"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/tpm2-software/tpm2-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157",
        "target": {
            "file": "lib/tpm_session.c"
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2017-7524-3cac7233",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/tpm2-software/tpm2-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157",
        "target": {
            "file": "lib/tpm_kdfa.c"
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2017-7524-b17f3e58",
        "digest": {
            "length": 1298.0,
            "function_hash": "180252340920317230498263520845147375598"
        },
        "source": "https://github.com/tpm2-software/tpm2-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157",
        "target": {
            "file": "lib/tpm_kdfa.c",
            "function": "tpm_kdfa"
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2017-7524-f4c3c5f8",
        "digest": {
            "length": 1742.0,
            "function_hash": "174969441118826927661811734004315319098"
        },
        "source": "https://github.com/tpm2-software/tpm2-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157",
        "target": {
            "file": "lib/tpm_session.c",
            "function": "StartAuthSession"
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2017-7524-f796da68",
        "digest": {
            "line_hashes": [
                "79624650280437269435151798918185600825",
                "215818861346023275373037766164645113839",
                "255847061987680970923690854203156260329"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/tpm2-software/tpm2-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157",
        "target": {
            "file": "lib/tpm_kdfa.h"
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1"
    }
]