[wp-trac] [WordPress Trac] #58769: HTTP/3 Early-Data/0-RTT replay attack
WordPress Trac
noreply at wordpress.org
Fri Feb 2 10:03:04 UTC 2024
#58769: HTTP/3 Early-Data/0-RTT replay attack
--------------------------+------------------------------
Reporter: kkmuffme | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 6.3
Severity: major | Resolution: wontfix
Keywords: | Focuses:
--------------------------+------------------------------
Changes (by kkmuffme):
* status: new => closed
* resolution: => wontfix
Comment:
This cannot be fixed with the current nonce system, since it does not
offer replay protection itself, since nonces can be reused.
Therefore any fixes here are futile, since this bug already exists for
regular (non-early) requests with nonces, since they can be replayed
easily.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58769#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list