HomeDefault status
unaffected
Any version before 1.25.12
affected
1.26.0-0 (semver) before 1.26.5
affected
1.27.0-0 (semver) before 1.27.0-rc.2
affected
Description
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.
Problem types
CWE-201: Insertion of Sensitive Information Into Sent Data
Product status
Any version before 1.25.12
1.26.0-0 (semver) before 1.26.5
1.27.0-0 (semver) before 1.27.0-rc.2
Credits
Coia Prant (github.com/rbqvq)
References
groups.google.com/g/golang-announce/c/OrmQE_Yp5Sc