Ticket Age Correlation Vulnerability in Go TLS Session Resumption
CVE-2022-30629 · LOW Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
Learn more about our Web Application Penetration Testing UK.