CVE-2020-13777 PoC — GnuTLS 加密问题漏洞

Source

https://github.com/0xxon/cve-2020-13777

Associated Vulnerability

Title:GnuTLS 加密问题漏洞 (CVE-2020-13777)
Description:GnuTLS是一款免费的用于实现SSL、TLS和DTLS协议的安全通信库。 GnuTLS 3.6.14版本中存在加密问题漏洞。攻击者可通过实施中间人攻击利用该漏洞绕过TLS 1.3版本的身份验证并恢复TLS 1.2版本的先前会话。

Description

Zeek script to detect servers vulnerable to CVE-2020-13777

File Snapshot


 [4.0K]  /data/pocs/8f5a68a0f4aeeb2736866d2c7f94bf5837fd2778
├── [1.4K]  COPYING
├── [1.7K]  Readme.md
├── [4.0K]  scripts
│   ├── [1.3K]  cve-2020-13777.zeek
│   └── [  28]  __load__.zeek
├── [4.0K]  testing
│   ├── [4.0K]  Baseline
│   │   └── [4.0K]  scripts.vulnerable
│   │       └── [ 429]  notice.log
│   ├── [ 422]  btest.cfg
│   ├── [ 381]  diff-remove-timestamps
│   ├── [1.3K]  get-zeek-env
│   ├── [  15]  Makefile
│   ├── [ 192]  random.seed
│   ├── [4.0K]  scripts
│   │   ├── [ 320]  non-vulnerable.zeek
│   │   └── [ 283]  vulnerable.zeek
│   └── [4.0K]  Traces
│       ├── [ 11K]  chrome-34-google.trace
│       ├── [8.4K]  gnutls-tls1.2-non-vulnerable.pcap
│       ├── [6.6K]  gnutls-tls1.2-vulnerable.pcap
│       └── [7.8K]  gnutls-tls1.3.pcap
└── [ 171]  zkg.meta

6 directories, 17 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!