Abstract: A vulnerability in a cryptographic library used to generate Rivest-Shamir-Adleman (RSA) encryption keys was recently disclosed. The vulnerability allows recovery of a private key when only possessing a public key. The vulnerable library is included in the firmware of specific Infineon® Trusted Platform Modules (TPM) present in systems produced by a number of Original Equipment Manufacturers (OEM) commonly used in the Department of Defense (DoD). Much of the published guidance focuses on Windows® but the vulnerability is not in Windows®. All systems and devices that include or use the vulnerable library are affected.
Date Published: 25 October 2017
Last Reviewed: 24 October 2017
Identifier: IAA U/OO/801084-17
Dissemination Control: N/A
Length: 1 page(s)