CVE-2022-30629 - Understanding the Non-random Values for ticket_age_add in Session Tickets Issue in Go's crypto/tls

The CVE-2022-30629 vulnerability concerns the non-random values used for ticket_age_add in session tickets for the Go programming language crypto/tls module before versions 1.17.11 and 1.18.3. This post covers the pertinent details about this vulnerability, provides a code snippet to demonstrate the issue, and offers the original references for further information. The exploit allows an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

Exploit Details

The ticket_age_add field in session tickets is used to obscure the actual age of a ticket by adding a random number to the ticket's age. However, the Go crypto/tls module was found to use non-random values for this field before versions 1.17.11 and 1.18.3. An attacker that can observe the TLS handshakes may, therefore, correlate successive connections by comparing the revealed ticket ages during session resumption.

Here is a simple code snippet demonstrating the issue

package main

import (
    "crypto/tls"
    "fmt"
    "net/http"
)

func main() {
    config := &tls.Config{
        MinVersion: tls.VersionTLS12,
    }
    tr := &http.Transport{TLSClientConfig: config}
    client := &http.Client{Transport: tr}
    response, err := client.Get("https://vulnerable.example.com/";)
    if err != nil {
        fmt.Println(err)
        return
    }
    defer response.Body.Close()
    fmt.Println("Connected to the vulnerable server.")
}

In this example, the client connects to a vulnerable example server using the crypto/tls module with a configuration limit minimum TLS version to TLS 1.2. However, the non-random values for the ticket_age_add field may still compromise the security of the connection due to the vulnerability explained above.

How to Fix the Issue?
Make sure you are using Go version 1.17.11 or 1.18.3 onwards to avoid this vulnerability. You can download the latest version of Go from the official website: https://go.dev

Original References

Refer to the information provided by the Go team in their GitHub advisory for more details: https://github.com/golang/crypto/security/advisories/GHSA-hw4w-j672-mc62

Additionally, you can see the method of issue resolution in the Go crypto repository's relevant commit: [https://github.com/golang/crypto/commit/aeea9705c][/https://github.com/golang/crypto/commit/aeea9705c]

Conclusion

The CVE-2022-30629 vulnerability within the Go programming language's crypto/tls module exposes session tickets to correlation by attackers due to non-random values used for the ticket_age_add field. Addressing this issue is crucial to maintain secure connections and mitigate potential cyber attacks. Updating your Go version to 1.17.11 or above or 1.18.3 or above will resolve this vulnerability and protect your TLS connections.

Ensure that your systems and applications are up to date and incorporate the latest security patches and advisories to safeguard your software and infrastructures against known vulnerabilities.

Timeline

Published on: 08/10/2022 20:15:00 UTC
Last modified on: 08/19/2022 13:46:00 UTC