Man-in-the-Middle (MitM) attack in gnutls (Alpine package)

1) Man-in-the-Middle (MitM) attack

EUVDB-ID: #VU28557

Risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-13777

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform Man-in-the-Middle (MitM) attack.

The vulnerability exists due to regression, introduced into the TLS protocol implementation that caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret. A remote attacker can bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2

Mitigation

Install update from vendor's website.

Vulnerable software versions

gnutls (Alpine package): 3.6.6-r0 - 3.6.13-r1

External links

http://git.alpinelinux.org/aports/commit/?id=8eda5a89647412e22290f72b76ba3b3d09c5f03a
http://git.alpinelinux.org/aports/commit/?id=01b34eb306a6e0a3ce306d4ed7b604064ea6da7b
http://git.alpinelinux.org/aports/commit/?id=565cd4a00c5d66310eaae4df09f4578feaaba004
http://git.alpinelinux.org/aports/commit/?id=3fb686ea66d1367fe5f9c189c4277ed86299ee89
http://git.alpinelinux.org/aports/commit/?id=001e8c2217317bd8dc53c360e2a1067d338cdb09
http://git.alpinelinux.org/aports/commit/?id=9b3acf4771f5aca10335e0374abc9b66661e8c9c
http://git.alpinelinux.org/aports/commit/?id=7eb9ebd56a745bcffb9e8e6539914a04dbc75a32
http://git.alpinelinux.org/aports/commit/?id=a3d783e23decbf703f3677c76f0f4b48bb598da8
http://git.alpinelinux.org/aports/commit/?id=271cc04541887a5e075721bba033b0c7dc5eda8c

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.