Improper Input Validation Affecting keylime package, versions [,6.4.0)
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Threat Intelligence
EPSS
0.2% (58th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-KEYLIME-2808854
- published 6 May 2022
- disclosed 5 May 2022
- credit THS-on
Introduced: 5 May 2022
CVE-2022-1053 Open this link in a new tabHow to fix?
Upgrade keylime
to version 6.4.0 or higher.
Overview
keylime is a TPM-based key bootstrapping and system integrity measurement system for cloud
Affected versions of this package are vulnerable to Improper Input Validation in Tenant
and Verifier
which does not use the same registrar data. It allows an attacker to use one AK
, EK
pair from a real TPM
to pass EK
validation and give the verifier an AK
of a software TPM
.