Bug 1465341 (CVE-2017-7524)

Summary: CVE-2017-7524 tpm2-tools: Sending password in plaintext for HMAC generation on server
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jsnitsel, sardella, yunying.sun
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: tpm2-tools 1.1.1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-09-06 06:09:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1465342, 1465343    
Bug Blocks: 1488600    

Description Adam Mariš 2017-06-27 09:20:51 UTC 
When authenticating via an HMAC to the TPM for authorization to use a policy, client sends password and message to TPM server to generate HMAC, receives it back and then uses HMAC for authorization to use an object.

Upstream patch:

https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157
Comment 1 Adam Mariš 2017-06-27 09:21:12 UTC 
Created tpm2-tools tracking bugs for this issue:

Affects: epel-7 [bug 1465342]
Affects: fedora-all [bug 1465343]
Comment 2 Andrej Nemec 2017-07-19 08:22:26 UTC 
Acknowledgments:

Name: William Roberts (Intel)
Upstream: Imran Desai (Intel)