Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.
Metrics
Affected Vendors & Products
References
History
Wed, 08 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-201 | |
| Metrics |
cvssV3_1
|
Wed, 08 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Go Standard Library
Go Standard Library crypto Tls |
|
| Vendors & Products |
Go Standard Library
Go Standard Library crypto Tls |
Wed, 08 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello. | |
| Title | Invoking Encrypted Client Hello privacy leak in crypto/tls | |
| References |
|
Status: PUBLISHED
Assigner: Go
Published:
Updated: 2026-07-08T19:38:17.603Z
Reserved: 2026-04-28T00:21:12.792Z
Link: CVE-2026-42505
Updated: 2026-07-08T18:04:08.858Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T18:15:06Z