漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Keylime: keylime: registrar allows identity takeover via duplicate uuid registration
Vulnerability Description
A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
Vulnerability Type
使用多个具有重复标识的资源
Vulnerability Title
Keylime 安全漏洞
Vulnerability Description
Keylime是Keylime开源的一个利用 TPM 技术的开源可扩展信任系统。 Keylime存在安全漏洞,该漏洞源于攻击者可注册新代理并覆盖合法代理身份,可能导致绕过安全控制。
CVSS Information
N/A
Vulnerability Type
N/A