Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-13777 PoC — GnuTLS 加密问题漏洞

Source
https://github.com/shigeki/challenge_CVE-2020-13777
Associated Vulnerability
Title:GnuTLS 加密问题漏洞 (CVE-2020-13777)
Description:GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
Description
Challange CVE-2020-13777
Readme
# Chanllenge CVE-2020-13777

Try to prove if TLS 1.3 MITM is possible and decrypt 0-RTT early data in pcap here (Server: 192.168.100.23:5556).

See https://jovi0608.hatenablog.com/entry/2020/06/13/104905 and [CVE-2020-13777](https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03) for details.
File Snapshot

 [4.0K]  /data/pocs/e8528e83e1f7b2357ca5c5ff3e435dece0f8cbc8
├── [ 12K]  gnutls_vul_challange.pcap
└── [ 298]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →