CVE-2020-13777: GnuTLS Vulnerability Found Hidden For 2 Years
Vulnerability in GnuTLS termed as CVE-2020-13777, is a widely adopted, open source library that uses TLS (Transport Layer Security)
According to reports, the vulnerability is found to be present in library for approximately 2 years, making resumed TLS 1.3 sessions open for attack. The vulnerability was noticed in GnuTLS 3.6.4 in September 2018, and was addressed later in newer version of GnuTLS 3.6.14 on June 3 2020.
CVE-2020-13777 Vulnerability Explained
Reportedly, this bug actually allowed GnuTLS servers to use session tickets issued during previous secure TLS 1.3 session, without utilizing the function that creates secret keys:
gnutls_session_ticket_key_generate()
Taking advantage of this vulnerability, the attackers could circumvent authentication under TLS 1.3, therefore recovering the previous conversations under TLS 1.2.
As per what the researcher named Airtower have to say:
“GnuTLS servers are able to use tickets issued by each other without access to the secret key as generated by gnutls_session_ticket_key_generate(). This allows a MITM server without valid credentials to resume sessions with a client that first established an initial connection with a server with valid credentials. The issue applies to TLS 1.3, when using TLS 1.2 resumption fails as expected.”
The security researchers have noticed this issue first with Ubuntu version 3.6.13-2ubuntu1 and created it with a new build from master termed as 52e78fle.
Some of the researchers are also arguing that GnuTLS should be eliminated as a dependency, while many of them have voiced their disdain against the library as welll, according to what pointed by TheRegister.
According to MITRE CVE dictionary, the description of CVE-2020-13777 is described as:
“GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.”
However, there’s no identified mitigation against this vulnerability as clarified by RedHat advisorry.