Candidate: CVE-2017-7524
PublicDate: 2017-06-27 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7524
 https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157
Description:
 tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to
 transmitting password in plaintext from client to server when generating
 HMAC.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_tpm2-tools:
upstream_tpm2-tools: needs-triage
precise/esm_tpm2-tools: DNE
trusty_tpm2-tools: DNE
trusty/esm_tpm2-tools: DNE
vivid/ubuntu-core_tpm2-tools: DNE
xenial_tpm2-tools: not-affected (code not present)
yakkety_tpm2-tools: ignored (reached end-of-life)
zesty_tpm2-tools: ignored (reached end-of-life)
artful_tpm2-tools: ignored (reached end-of-life)
bionic_tpm2-tools: not-affected (2.1.0-1)
cosmic_tpm2-tools: not-affected (2.1.0-1)
devel_tpm2-tools: not-affected (2.1.0-1)