The GNU Transport Layer Security Library (GnuTLS) has patched a vulnerability that sat in its code for nearly two years. The flaw is in how a GnuTLS server encrypts TLS session tickets: until the first key rotation, the server used fixed, predictable data in place of the ticket encryption key it should have derived from the application-supplied secret. Anyone who knows that data can decrypt or mint session tickets, which in TLS 1.2 exposes the master secret of recorded sessions and in TLS 1.3 lets a server with no valid credentials resume a client's session, an authentication bypass that enables man-in-the-middle (MITM) attacks.
GnuTLS, a free software implementation of the TLS, SSL and DTLS protocols, ships in a number of Linux distributions. openSUSE, Debian, Ubuntu, Fedora, Gentoo and others use GnuTLS and have issued security advisories for the vulnerability.
NIST's National Vulnerability Database entry for CVE-2020-13777 describes the GnuTLS vulnerability:
“GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.” (NIST)
“This allows a MITM server without valid credentials to resume sessions with a client that first established an initial connection with a server with valid credentials,” Airtower noted.
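The two outcomes the NIST entry lists, loss of confidentiality in TLS 1.2 and an authentication bypass in TLS 1.3, both follow from one fact: the session ticket carries the secret that resumption is keyed on (the master secret in TLS 1.2, the resumption PSK in TLS 1.3), so whoever can open or mint tickets owns that secret. The toy model below is an added example written for this article, not GnuTLS code. It uses the RFC 5077 ticket layout (IV, ciphertext, MAC tag) but replaces AES with an HMAC-SHA256 keystream so it runs on the Python standard library alone; the "wrong data" the vulnerable server used is modelled as 32 zero bytes, and all key names, labels and secrets are constructed for the example.

```python
"""Toy model of CVE-2020-13777: session tickets sealed under a predictable key.

Added example, not GnuTLS code. Ticket layout follows RFC 5077 (IV || ciphertext
|| HMAC tag); AES is replaced by an HMAC-SHA256 keystream so this runs on the
standard library. All labels, key names and secrets here are constructed.
"""
import hashlib
import hmac
import os
import struct


def derive_stek(app_secret: bytes, epoch: int) -> bytes:
    """What a server should do: derive the session ticket encryption key (STEK)
    from the application-supplied secret and the current rotation epoch
    (HMAC-based derivation chosen for the example; GnuTLS' exact KDF is not modelled)."""
    return hmac.new(app_secret, b"stek" + struct.pack(">Q", epoch), hashlib.sha256).digest()


# What the vulnerable server effectively used until the first key rotation:
# fixed, attacker-knowable data instead of the derived key (modelled as zeros).
VULNERABLE_STEK = bytes(32)


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stand-in for the block cipher used in practice."""
    blocks = []
    for ctr in range((length + 31) // 32):
        blocks.append(hmac.new(key, iv + struct.pack(">I", ctr), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def _subkeys(stek: bytes):
    enc_key = hmac.new(stek, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(stek, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def seal_ticket(stek: bytes, state: bytes) -> bytes:
    """Encrypt-then-MAC the session state into an opaque ticket: IV || ct || tag."""
    enc_key, mac_key = _subkeys(stek)
    iv = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(state, _keystream(enc_key, iv, len(state))))
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def open_ticket(stek: bytes, ticket: bytes):
    """Return the session state, or None if the tag does not verify under this STEK."""
    if len(ticket) < 16 + 32:
        return None
    iv, ct, tag = ticket[:16], ticket[16:-32], ticket[-32:]
    enc_key, mac_key = _subkeys(stek)
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, iv, len(ct))))


def attacks(server_stek: bytes, attacker_stek_guess: bytes) -> dict:
    """A genuine server issues one ticket; then the attacker tries both outcomes
    from the advisory using only its guess of the server's STEK."""
    resumption_secret = os.urandom(32)  # constructed per-session secret (master secret / PSK)
    ticket = seal_ticket(server_stek, b"v1|" + resumption_secret)

    # 1. Captured ticket: if the attacker can open it, it holds the TLS 1.2 master
    #    secret (decrypt the recorded session) or the TLS 1.3 PSK (a MITM server
    #    can complete the resumption handshake without the certificate's key).
    opened = open_ticket(attacker_stek_guess, ticket)
    secret_recovered = opened is not None and opened[3:] == resumption_secret

    # 2. Minted ticket: can the attacker produce a ticket the genuine server
    #    accepts, i.e. resume a session it never authenticated?
    forged = seal_ticket(attacker_stek_guess, b"v1|" + bytes(32))
    forged_accepted = open_ticket(server_stek, forged) is not None

    return {"secret_recovered": secret_recovered, "forged_ticket_accepted": forged_accepted}


if __name__ == "__main__":
    app_secret = os.urandom(32)  # constructed application-supplied key material
    print("patched server   :", attacks(derive_stek(app_secret, 0), VULNERABLE_STEK))
    print("vulnerable server:", attacks(VULNERABLE_STEK, VULNERABLE_STEK))
```

Run it and the patched case reports both attacks failing, while the vulnerable case reports both succeeding; the attacker never sees the application secret in either run, which is the point: the key derivation, not the cipher, is what the 2018 commit broke.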
To address the issue, the GnuTLS team recommends upgrading to GnuTLS 3.6.14 or later. The fix belongs on the server side, where tickets are minted; a client is exposed through the tickets a vulnerable server has issued to it, regardless of the client's own version. Upgrading also does nothing for TLS 1.2 sessions recorded while a vulnerable server was running, since a ticket from that server exposes the master secret that protected them.