Improper Input Validation Affecting keylime Open this link in a new tab package, versions [,6.4.0)


0.0
high
  • Attack Complexity

    Low

  • Confidentiality

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-PYTHON-KEYLIME-2808854

  • published

    6 May 2022

  • disclosed

    5 May 2022

  • credit

    THS-on

How to fix?

Upgrade keylime to version 6.4.0 or higher.

Overview

keylime is a TPM-based key bootstrapping and system integrity measurement system for cloud

Affected versions of this package are vulnerable to Improper Input Validation in Tenant and Verifier which does not use the same registrar data. It allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM.

References