An attacker can correlate a resumed TLS session with a previous connection.
Session tickets generated by crypto/tls do not contain a randomly generated ticketageadd, which allows an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2022-0531" }