by ranger_danger
29 days ago
I was given this article after posting the previous one elsewhere: https://blog.scrt.ch/2024/10/28/privilege-escalation-through... This one does say "it appears that the user’s PIN is sent to the TPM which releases the intermediate key only if the provided secret is correct, thus effectively preventing offline bruteforce attacks." Given this, I can't see how it would be possible for anything like YellowKey to work on a cold booted TPM+PIN system without someone already knowing the PIN. Perhaps when the exploit author said "it works with PIN" they meant "it works if you enter the correct PIN"... or they are just lying. I'm not sure.