An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Mbed_tls | Arm | * | 3.5.2 (excluding) |
Mbedtls | Ubuntu | bionic | * |
Mbedtls | Ubuntu | lunar | * |
Mbedtls | Ubuntu | mantic | * |
Mbedtls | Ubuntu | xenial | * |

Such a scenario is commonly observed when: