The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-04-23T17:38:09.614Z
Updated: 2024-08-02T02:13:39.266Z
Reserved: 2024-04-12T19:41:51.168Z
Link: CVE-2024-32482
Vulnrichment
Updated: 2024-08-02T02:13:39.266Z
NVD
Status : Awaiting Analysis
Published: 2024-04-23T18:15:14.810
Modified: 2024-11-21T09:15:00.140
Link: CVE-2024-32482
Redhat
No data.