In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade github.com/edgelesssys/constellation/v2/internal/attestation
to version 2.5.2 or higher.
Affected versions of this package are vulnerable to Information Exposure allowing an attacker to intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. This is because attestation user data (such as the digest of the public key in an aTLS connection) is bound to the issuer's TPM, but not to its PCR state.