CVE-2020-13777

HIGH

GnuTLS 3.6.4-3.6.13 - Use of a Broken or Risky Cryptographic Algorithm in Session Ticket Encryption

Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-13777. PoCs published by 0xxon, shigeki, prprhyt.

Description

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.

Exploits (3)

nomisec SCANNER 4 stars
by 0xxon · poc
https://github.com/0xxon/cve-2020-13777

This is a Zeek script designed to detect servers potentially vulnerable to CVE-2020-13777 by analyzing session tickets for suspicious patterns. It logs notices when a vulnerable server or successful session resumption is detected.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: GnuTLS (versions affected by CVE-2020-13777)
No auth needed
Prerequisites: Network access to observe TLS 1.2 or below traffic
devstral-2 · analyzed Feb 16, 2026

nomisec WRITEUP 2 stars
by shigeki · poc
https://github.com/shigeki/challenge_CVE-2020-13777

This repository provides a challenge to prove TLS 1.3 MITM and decrypt 0-RTT early data, referencing CVE-2020-13777 in GnuTLS. It includes a pcap file and references external resources for details.

Classification: Writeup 80%
Attack Type: Info Leak
Complexity: Complex
Reliability: Theoretical
Target: GnuTLS (versions affected by CVE-2020-13777)
No auth needed
Prerequisites: Access to the provided pcap file · Knowledge of TLS 1.3 and 0-RTT mechanisms
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by prprhyt · poc
https://github.com/prprhyt/PoC_TLS1_3_CVE-2020-13777

This PoC demonstrates the exploitation of CVE-2020-13777, a vulnerability in GnuTLS related to TLS 1.3 reconnection. It parses pcap files offline to verify the vulnerability without attacking real servers.

Classification: Working PoC 90%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: GnuTLS (TLS 1.3 implementation)
No auth needed
Prerequisites: pcap files with TLS 1.3 traffic · Python 3.6+ with scapy, cryptography, pycryptodome, hashlib
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Vendor Advisory x_refsource_confirm
https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4697
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202006-01
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4384-1/
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200619-0004/

Scores

CVSS v3 7.4
EPSS 0.1751
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-327
Status published
Products (6)
canonical/ubuntu_linux 19.10
canonical/ubuntu_linux 20.04
debian/debian_linux 10.0
fedoraproject/fedora 31
fedoraproject/fedora 32
gnu/gnutls 3.6.0 - 3.6.14
Published Jun 04, 2020
Tracked Since Feb 18, 2026