Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tillitis: TKey Client has an Error in Protocol Implementation
Vulnerability Description
Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI)—and thus the same key material—as if no USS is provided. This happens because a buffer index error overwrites the USS-enabled boolean with the first byte of the USS digest, so any USS whose hash starts with 0x00 is effectively discarded. This issue has been fixed in version 1.3.0. Users unable to upgrade immediately should switch to a USS whose hash does not begin with a zero byte.
CVSS Information
N/A
Vulnerability Type
认证算法的不正确实现
Vulnerability Title
Tillitis TKey Client package 安全漏洞
Vulnerability Description
Tillitis TKey Client package是Tillitis AB开源的一个用于控制硬件安全密钥的Go语言客户端库。 Tillitis TKey Client package 1.2.0及之前版本存在安全漏洞,该漏洞源于缓冲区索引错误导致部分用户提供的秘密被忽略,可能产生重复的密钥材料。
CVSS Information
N/A
Vulnerability Type
N/A