Abstract: The Trusted Platform Module (TPM) is a hardware chip designed to enable computers to achieve greater security. Proof of possession of values known as authData is required by user processes in order to use TPM keys. We demonstrate two attacks relating to the way authData is handled, and explain their consequences. By using the attacks, an attacker can circumvent some crucial operations of the TPM, and impersonate a TPM user to the TPM, or impersonate the TPM to its user. We describe modifications to the TPM protocols that avoid these attacks, and use protocol verification techniques to prove their security.