PT-2020-13675

Published: 2020-06-03 · Updated: 2024-07-04 · CVE-2020-13777

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: GnuTLS versions 3.6.4 through 3.6.14

Description: The issue stems from incorrect cryptography used to encrypt session tickets, which causes a loss of confidentiality in TLS 1.2 and an authentication bypass in TLS 1.3. An attacker can resume a TLS 1.3 session without knowing the master key, which enables man-in-the-middle (MITM) attacks. The earliest affected version is 3.6.4, where the error was introduced by a commit dated 2018-09-18. Until the first key rotation, the TLS server uses incorrect data in place of the encryption key that should be derived from the key supplied by the application.

Recommendations: For GnuTLS versions 3.6.4 through 3.6.14, update to version 3.6.14 or later to resolve the issue. As a temporary workaround, consider restricting access to TLS 1.3 sessions or disabling session resumption until a patch can be applied. Avoid using the affected GnuTLS library for sensitive transactions until the issue is resolved.

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

ALT-PU-2020-2128
ALT-PU-2020-2159
CESA-2020_2637
CVE-2020-13777
DSA-4697-1
ELSA-2020-2637
MGASA-2020-0268
OPENSUSE-SU-2020:0790-1
OPENSUSE-SU-2020_0790-1
OPENSUSE-SU-2024:10801-1
RHSA-2020:2637
RHSA-2020:2638
RHSA-2020:2639
RHSA-2020_2637
SUSE-SU-2020:1584-1
SUSE-SU-2020_1584-1
USN-4384-1

Affected Products

Alt Linux
Centos
Gnutls
Linuxmint
Red Hat
Red Os
Suse
Ubuntu