CVE-2017-15361 PoC — Infineon Trusted Platform Module Infineon RSA库安全漏洞

Source

Associated Vulnerability

Title:Infineon Trusted Platform Module Infineon RSA库安全漏洞 (CVE-2017-15361)
Description:Infineon Trusted Platform Module（TPM）是德国英飞凌（Infineon）科技公司的一款数据加密芯片。Infineon RSA library是其中的一个加密库。 Infineon TPM中的Infineon RSA库1.02.013版本中存在安全漏洞，该漏洞没有正确的处理RSA密钥的生成。攻击者可利用该漏洞破坏加密保护机制。以下版本受到影响：使用0000000000000422 - 4.34之前版本、000000000000062b - 6.43之前版本和00000000

Description

Go package that checks if RSA keys are vulnerable to ROCA / CVE-2017-15361

Readme

# rocacheck [![GoDoc](https://godoc.org/github.com/titanous/rocacheck?status.svg)](https://godoc.org/github.com/titanous/rocacheck)

Package rocacheck is a Go implementation of the [key fingerprint
algorithm](https://github.com/crocs-muni/roca) that checks if an RSA key was
generated by broken Infineon code and is vulnerable to factorization via the
[Return of Coppersmith's Attack
(ROCA)](https://crocs.fi.muni.cz/public/papers/rsa_ccs17) / CVE-2017-15361.

File Snapshot


 [4.0K]  /data/pocs/b51e3e37e9c0a88de771f18afc671ae98d8c5516
├── [1.1K]  LICENSE
├── [ 460]  README.md
├── [1.2K]  rocacheck.go
└── [3.3K]  rocacheck_test.go

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!