{"id":"CVE-2017-7524","details":"tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.","modified":"2026-04-11T04:59:26.933272Z","published":"2017-06-27T14:29:00.187Z","related":["openSUSE-SU-2024:11471-1"],"references":[{"type":"FIX","url":"https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/01org/tpm2.0-tools","events":[{"introduced":"0"},{"last_affected":"1e08ba698ab71e48504518b4b9f054ce1801375e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.1.0"}]}},{"type":"GIT","repo":"https://github.com/tpm2-software/tpm2-tools","events":[{"introduced":"0"},{"fixed":"c5d72beaab1cbbbe68271f4bc4b6670d69985157"}]}],"versions":["2.0.0","2.0.0-beta_0","v1.0.0","v1.0.1","v1.1-beta_0","v1.1-beta_1","v1.1.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:59:26Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7524.json","vanir_signatures":[{"digest":{"line_hashes":["165864225263249160298319280978989806839","101702199380195429949223049532959516637","141398387035421838025360045102776212496","132721162524462162173643398948651984234"],"threshold":0.9},"id":"CVE-2017-7524-1f42cbea","signature_type":"Line","target":{"file":"lib/tpm_session.c"},"source":"https://github.com/tpm2-software/tpm2-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157","deprecated":false,"signature_version":"v1"},{"digest":{"line_hashes":["254586252204020286163600424772410460959","267715276469804961707024732313449798564","96209342137147007918334866542545933780","61462436351685128351119306908089079458","249744176489845957321532133817529584492","68066838811563690508873151424193431321","111944428770312424075453754359133097636","188566356146727117938139796888122871583","84668445536793509895015590991923055720","148183876068730552352551967389787792190","216241029137337205359845428063844105867","122806264829506449325821273877331396630","12174745508328002119354123855945056756","223536653181776221487980163870075150186","218877022496171811203553951950729292909","322104216431582441745300674122233654616","321497049247625440062764794916938818065","262333223534320976532313262705224003952","302219338243683415815112302177723028578","36383495230595941201310710958013678540","166060360615773013603255372358582010564","81803750717646419168791928232866035052","337436367418675556541557720125655000557","312937810303866225698282412483986704070","227831956309741836344402192911207704344","240116388559135784296843901733927914121","100342313955708255656104704729534435693","65742153090328428692705369362083552683","150648565365152317463668283419851598634","125303902231802358198712180948070081994","174266882102331260370959043858417549200","64479693297646278223088120909540215723","317073501528596307288881965344423040362"],"threshold":0.9},"id":"CVE-2017-7524-3cac7233","signature_type":"Line","target":{"file":"lib/tpm_kdfa.c"},"source":"https://github.com/tpm2-software/tpm2-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157","deprecated":false,"signature_version":"v1"},{"digest":{"length":1298,"function_hash":"180252340920317230498263520845147375598"},"id":"CVE-2017-7524-b17f3e58","signature_type":"Function","target":{"function":"tpm_kdfa","file":"lib/tpm_kdfa.c"},"source":"https://github.com/tpm2-software/tpm2-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157","deprecated":false,"signature_version":"v1"},{"digest":{"length":1742,"function_hash":"174969441118826927661811734004315319098"},"id":"CVE-2017-7524-f4c3c5f8","signature_type":"Function","target":{"function":"StartAuthSession","file":"lib/tpm_session.c"},"source":"https://github.com/tpm2-software/tpm2-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157","deprecated":false,"signature_version":"v1"},{"digest":{"line_hashes":["79624650280437269435151798918185600825","215818861346023275373037766164645113839","255847061987680970923690854203156260329"],"threshold":0.9},"id":"CVE-2017-7524-f796da68","signature_type":"Line","target":{"file":"lib/tpm_kdfa.h"},"source":"https://github.com/tpm2-software/tpm2-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157","deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}