A flaw in GnuTLS causes incorrect username matching for RSA-PSK cipher suites when usernames contain NUL characters. A remote unauthenticated attacker can send a specially crafted username to bypass authentication checks on vulnerable servers. This allows unauthorized access to services protected by vulnerable GnuTLS configurations.
Remediation
Update GnuTLS to the latest patched version that fixes the username matching logic. Disable the RSA-PSK cipher suite if it is not actively in use. Restart all services that link against the vulnerable GnuTLS library after patching.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.