Описание
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
A flaw was found in GnuTLS, in versions starting from 3.6.4, where it does not session the ticket encryption key in a secure fashion by the application which is connecting. This flaw allows an attacker to craft a man-in-the-middle-attack, with the ability to bypass the TLS1.3 authentication and also recover older conversations when TLS1.2 is in use. The highest threat to this flaw is to confidentiality and integrity.
Отчет
GnuTLS versions as shipped with Red Hat Enterprise Linux 7 and earlier are not affected, as the bug was introduced in upstream at GnuTLS version 3.6.4. The older versions do not carry the affected code.
Меры по смягчению последствий
There's no available mitigation for this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | gnutls | Not affected | ||
| Red Hat Enterprise Linux 6 | gnutls | Not affected | ||
| Red Hat Enterprise Linux 7 | gnutls | Not affected | ||
| Red Hat Enterprise Linux 8 | gnutls | Fixed | RHSA-2020:2637 | 22.06.2020 |
| Red Hat Enterprise Linux 8 | gnutls | Fixed | RHSA-2020:2637 | 22.06.2020 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | gnutls | Fixed | RHSA-2020:2639 | 22.06.2020 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | gnutls | Fixed | RHSA-2020:2638 | 22.06.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.4 High
CVSS3
Связанные уязвимости
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting ...
EPSS
7.4 High
CVSS3