blob: 50bbe16fab45c8aa37214be4427068b8e5c1abed [file] [log] [blame]
id: GO-2022-0531
modules:
- module: std
versions:
- fixed: 1.17.11
- introduced: 1.18.0-0
- fixed: 1.18.3
vulnerable_at: 1.18.2
packages:
- package: crypto/tls
symbols:
- serverHandshakeStateTLS13.sendSessionTickets
summary: Session tickets lack random ticket_age_add in crypto/tls
description: |-
An attacker can correlate a resumed TLS session with a previous connection.
Session tickets generated by crypto/tls do not contain a randomly generated
ticket_age_add, which allows an attacker that can observe TLS handshakes to
correlate successive connections by comparing ticket ages during session
resumption.
published: 2022-07-28T17:24:57Z
credits:
- Github user @nervuri
references:
- fix: https://go.dev/cl/405994
- fix: https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5
- report: https://go.dev/issue/52814
- web: https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ
cve_metadata:
id: CVE-2022-30629
cwe: 'CWE-200: Information Exposure'
description: |-
Non-random values for ticket_age_add in session tickets in crypto/tls before Go
1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to
correlate successive connections by comparing ticket ages during session
resumption.
review_status: REVIEWED