Ticket Age Correlation Vulnerability in Go TLS Session Resumption


CVE-2022-30629 · LOW Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
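The sketch below is an added example, not code from crypto/tls or from this advisory. It shows how `ticket_age_add` masks the ticket age a client sends in clear during resumption (RFC 8446, sections 4.2.11.1 and 4.6.1) and why a non-random value leaves that age readable. The function names, the hypothetical `LooksNonRandom` check and the constant `fixedAdd = 0` are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// ObfuscatedAge returns the obfuscated_ticket_age a client puts in its
// ClientHello: (ticket age in ms + ticket_age_add) mod 2^32, RFC 8446 4.2.11.1.
func ObfuscatedAge(ageMs, ticketAgeAdd uint32) uint32 {
	return ageMs + ticketAgeAdd // uint32 addition wraps modulo 2^32
}

// NewTicketAgeAdd draws a fresh 32-bit value from the CSPRNG, one per ticket,
// as RFC 8446 4.6.1 requires.
func NewTicketAgeAdd() (uint32, error) {
	var b [4]byte
	if _, err := rand.Read(b[:]); err != nil {
		return 0, err
	}
	return binary.BigEndian.Uint32(b[:]), nil
}

// LooksNonRandom is a hypothetical regression check: it reports whether
// ticket_age_add values collected from several issued tickets contain a repeat.
func LooksNonRandom(adds []uint32) bool {
	seen := make(map[uint32]bool, len(adds))
	for _, a := range adds {
		if seen[a] {
			return true
		}
		seen[a] = true
	}
	return false
}

func main() {
	const fixedAdd = 0 // constructed stand-in for a non-random ticket_age_add
	// With a fixed mask the wire value tracks the real ticket age exactly.
	fmt.Println(ObfuscatedAge(2000, fixedAdd), ObfuscatedAge(5000, fixedAdd))
	a1, _ := NewTicketAgeAdd()
	a2, _ := NewTicketAgeAdd()
	// With per-ticket random masks the wire values say nothing about the ages.
	fmt.Println(ObfuscatedAge(2000, a1), ObfuscatedAge(5000, a2))
	fmt.Println(LooksNonRandom([]uint32{fixedAdd, fixedAdd}), LooksNonRandom([]uint32{a1, a2}))
}
```

A test client that records `ticket_age_add` from the tickets a server issues can feed those values to a check like `LooksNonRandom` to confirm the fixed releases are deployed.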
