mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-10 15:59:29 +02:00
marc
1.7 KiB
1.7 KiB
CVE-2020-13777
Description
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
POC
Reference
No PoCs from references.
Github
- https://github.com/0xT11/CVE-POC
- https://github.com/0xxon/cve-2020-13777
- https://github.com/ARPSyndicate/cvemon
- https://github.com/DipeshGarg/Shell-Scripts
- https://github.com/Information-Warfare-Center/CSI-SIEM
- https://github.com/alphaSeclab/sec-daily-2020
- https://github.com/bollwarm/SecToolSet
- https://github.com/cisagov/Malcolm
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/garethr/snykout
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/kerk1/WarfareCenter-CSI-SIEM
- https://github.com/michaelbiven/security
- https://github.com/mmguero-dev/Malcolm-PCAP
- https://github.com/mvlnetdev/zeek_detection_script_collection
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/not1337/tlsserver
- https://github.com/prprhyt/PoC_TLS1_3_CVE-2020-13777
- https://github.com/shigeki/challenge_CVE-2020-13777
- https://github.com/soosmile/POC