CVE-2020-13777

Description from NVD

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.

Information Acquisition Date: 2021-04-27T10:44Z
CVSS 2.0: 5.8 MEDIUM, CVSS 3.x: 7.4 HIGH

CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

NVD References

 https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
     source:CONFIRM
     tags:Vendor Advisory    
 DSA-4697
     source:DEBIAN
     tags:Third Party Advisory    
 FEDORA-2020-0cce3578e2
     source:FEDORA
     tags:Mailing List    Third Party Advisory    
 GLSA-202006-01
     source:GENTOO
     tags:Third Party Advisory    
 USN-4384-1
     source:UBUNTU
     tags:Third Party Advisory    
 openSUSE-SU-2020:0790
     source:SUSE
     tags:
 FEDORA-2020-4f78f122a3
     source:FEDORA
     tags:
 FEDORA-2020-76b705bb63
     source:FEDORA
     tags:
 FEDORA-2020-ea11cb5ccc
     source:FEDORA
     tags:
 https://security.netapp.com/advisory/ntap-20200619-0004/
     source:CONFIRM
     tags:

Description from Forti

gnutls: session resumption works without master key allowing MITM

Information Acquisition Date: 2020/07/28

Software Tag: Linux (2 tweets)



List of frequently cited URLs

URL  Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...  299
http://newsbythehour.org/cybr  15
http://canyoupwn.me  10
https://anarc.at/blog/2020-06-10-gnutls-audit/  7
http://tweetedtimes.com/Pentest101MX?s=tnp  7
http://twinybots.ch  6
https://atofaer.hatenablog.jp/entry/2020/07/03/132535  5
https://news.ycombinator.com/item?id=23962840  4
https://gitlab.com/gnutls/gnutls/-/issues/1011  3
https://twitter.com/FiloSottile/status/1270061316368224256  3
https://www.proofpoint.com/us/daily-ruleset-update-summary-...  3
https://jovi0608.hatenablog.com/entry/2020/06/13/104905  3

Information from Twitter

User URL Info Source Date
threatintelctr https://nvd.nist.gov/vuln/detail/CVE-2020-13777 Source threatintelctr   1630975416679661577 2023/03/02
WolfgangSesin http://www.sesin.at Source WolfgangSesin    1630991386123091969 2023/03/02
WolfgangSesin https://www.sesin.at/2023/03/01/cve-2020-13777-debian_linux... Source WolfgangSesin    1630991386123091969 2023/03/02
www_sesin_at http://www.sesin.at Source www_sesin_at     1630991388618752014 2023/03/02
www_sesin_at https://www.sesin.at/2023/03/01/cve-2020-13777-debian_linux... Source www_sesin_at     1630991388618752014 2023/03/02

GitHub Search Results: Up to 10
Name URL
0xxon/cve-2020-13777 https://github.com/0xxon/cve-2020-13777
shigeki/challenge_CVE-2020-13777 https://github.com/shigeki/challenge_CVE-2020-13777
prprhyt/PoC_TLS1_3_CVE-2020-13777 https://github.com/prprhyt/PoC_TLS1_3_CVE-2020-13777

2023/03/02 Score : 0
Added Har-sia Database : 2020/06/04
Last Modified : 2023/03/02
Highest Scored Date : 2020/06/09
Highest Score : 42