This topic contains 0 replies, has 1 voice, and was last updated by MyID Support MyID Support 1 year, 2 months ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #972
    MyID Support
    MyID Support
    Keymaster

    A security flaw has been discovered in some versions of Infineon secure elements. This affects some TPMs, and some smart cards/token manufacturers that use Infineon chips.  

    Although the software within Intercede’s MyID Service itself is not affected by this vulnerability, devices used with MyID may be. If you intend to use the MyID Service to issue credentials to a Microsoft Virtual Smart Card on a computer that is impacted by this vulnerability, Intercede strongly recommends that you resolve the vulnerability on the affected device (based on the vendor’s advice), before you start issuing the credentials. 

    If you have already issued Microsoft Virtual Smart Cards using the MyID Service, you should  

    1. Update the firmware on affected computers. 
    2. Cancel the affected credentials using the MyID Service dashboard.  

     At next login to Windows, affected users will be prompted to collect a new Virtual Smart Card.  

    Further details about this vulnerability and how to detect if you are affected by this problem are available from Microsoft. 

    Additional Information: 

    Affected devices can generate weak RSA keys. For further details of the flaw, see the following link.  

    https://nvd.nist.gov/vuln/detail/CVE-2017-15361 

     The manufacturer, Infineon has published public statements on this issue:  

    https://www.infineon.com/cms/en/product/promopages/tpm-update/  

    https://www.infineon.com/cms/en/product/promopages/rsa-update/ 

Viewing 1 post (of 1 total)

The forum ‘MyID service knowledge base’ is closed to new topics and replies.