Authentication bypass in GnuTLS RSA-PSK implementations allows remote authenticated attackers to impersonate other users by submitting usernames containing embedded NUL characters, which are incorrectly truncated during comparison. The vulnerability enables lateral privilege escalation from one authenticated account to another, including potential administrator access, on servers using the uncommon RSA-PSK key exchange mode. CVSS 7.1 (High) reflects network accessibility with low complexity, though the attack requires initial low-privilege authentication (PR:L). EPSS data not available; no CISA KEV listing or public exploit code identified at time of analysis, suggesting exploitation is not yet widespread.
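The truncation described above, shown as an added illustration that is not GnuTLS's own code: a hypothetical identity check that copies a length-prefixed identity into a NUL-terminated buffer and compares it with strcmp(), beside a length-aware check that rejects embedded NUL bytes. The struct, function names and sample bytes are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical identity record: a length-prefixed byte string as carried in a
 * handshake field. Not a GnuTLS type; constructed for this example. */
typedef struct {
    const unsigned char *data;
    size_t len;
} psk_identity;

/* Vulnerable pattern (illustrative, not GnuTLS code): the identity is copied
 * into a NUL-terminated buffer and compared with strcmp(), so every byte after
 * the first embedded NUL is silently ignored during the comparison. */
bool identity_matches_vulnerable(const psk_identity *submitted, const char *expected)
{
    char buf[64];
    if (submitted->len >= sizeof buf)
        return false;
    memcpy(buf, submitted->data, submitted->len);
    buf[submitted->len] = '\0';
    return strcmp(buf, expected) == 0;   /* stops at the first NUL byte */
}

/* Hardened pattern: compare the full declared length byte-for-byte, and reject
 * any identity that contains a NUL at all, since a valid username never does. */
bool identity_matches_fixed(const psk_identity *submitted, const char *expected)
{
    size_t expected_len = strlen(expected);
    if (submitted->len != expected_len)
        return false;
    if (memchr(submitted->data, '\0', submitted->len) != NULL)
        return false;                    /* embedded NUL: treat as malformed */
    return memcmp(submitted->data, expected, expected_len) == 0;
}

/* Constructed sample inputs: "admin" followed by a NUL and trailing bytes,
 * and the plain identity "admin". */
static const unsigned char sample[] = {'a', 'd', 'm', 'i', 'n', '\0', 'x', 'y'};
static const psk_identity crafted = { sample, sizeof sample };
static const psk_identity honest  = { (const unsigned char *)"admin", 5 };
```

The length-aware check is also where a server can log rejected identities that contain NUL bytes, which is a useful detection signal for this class of bug.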