Is Authentication Mangager and/or the appliances they run on, specifically AM8 Appliance 130, vulnerable to CVE-2017-15361? Do they even have tpm chips installed?
Is Authentication Mangager and/or the appliances they run on, specifically AM8 Appliance 130, vulnerable to CVE-2017-15361? Do they even have tpm chips installed?
Latest word is that an official statement is in development and should be available within the next 24-48 hours. Until then, the unofficial word is that the vulnerability is not an issue with the underlying RSA algorithm and it does not create any vulnerabilities within RSA products.
PSO will release their statement later, they are checking with third party products and partners to verify any Infineon chips used in those products, but the word I just got is that there are no Authentication Manager or Token products that use these Infineon Smart Card chips, therefore AM is not vulnerable to what basically is a flaw in an Infineon library in how it implemented an RSA algorithm. Since the PSO statement needs to be inclusive of everything RSA makes or partners with, the PSO statement needs to be more complete than an AM statement, and that takes more time.
Nothing RSA has currently is vulnerable.
000035660 - Infineon Trusted Platform Module (TPM) Vulnerability (CVE-2017-15361) Impact on RSA Products