Pion DTLS Nonce Reuse Vulnerability in AES GCM Ciphers Allowing Authentication Key Leakage and Data Spoofing

Vulnerability

A vulnerability exists in Pion DTLS, a Go implementation of Datagram Transport Layer Security, in versions from 1.0.0 up to but not including 3.1.0. Affected versions draw the per-record nonce for the AES-GCM cipher suites at random, so two records within a single session can end up with the same nonce; a repeated nonce under one GCM key leaks the authentication key. A remote attacker who takes advantage of such nonce reuse within a session can use the recovered key to spoof data, the so-called 'forbidden attack'.

Impact

According to the advisory, a remote attacker can obtain the authentication key and spoof data by exploiting nonce reuse within a session.

Remediation

Users are advised to upgrade to Pion DTLS version 3.1.0 or later, which fixes the issue by generating GCM nonces properly so that they cannot repeat within a session. Upgrade instructions can be found in the Pion DTLS repository on GitHub.
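The following Go program is an added illustration of the two nonce strategies the advisory contrasts; it is not Pion DTLS code and does not reproduce the project's fix. It quantifies the birthday-bound collision risk of random 96-bit nonces, builds nonces deterministically from the record's epoch and sequence number in the salt || explicit-nonce layout that RFC 5288 prescribes for TLS 1.2 GCM suites (an assumption about the general scheme, not a statement about Pion's implementation), and adds a test-time guard that fails as soon as any (key, nonce) pair is used twice. The key, salt and record header are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"math"
)

// GCM nonce = 4-byte implicit salt from the key block || 8-byte explicit part in the record (RFC 5288).
const (
	saltSize     = 4
	explicitSize = 8
	maxSeq       = 1 << 48 // DTLS 1.2 record sequence numbers are 48 bits wide
)

// RandomNonceCollisionProbability is the birthday bound 1 - exp(-n(n-1)/2^97) that n uniformly
// random 96-bit nonces contain a repeat, i.e. the risk of drawing a fresh random nonce per record.
func RandomNonceCollisionProbability(n float64) float64 {
	return 1 - math.Exp(-n*(n-1)/math.Pow(2, 97))
}

// RecordNonceSource derives each nonce from epoch and sequence number instead of the CSPRNG,
// so no two records under one key share a nonce; it refuses to run past the 48-bit space.
type RecordNonceSource struct {
	Salt  [saltSize]byte
	Epoch uint16
	Seq   uint64
}

// Next returns the full 12-byte GCM nonce and the 8 explicit bytes that go on the wire.
func (s *RecordNonceSource) Next() (nonce, explicit []byte, err error) {
	if s.Seq >= maxSeq {
		return nil, nil, errors.New("sequence number exhausted: rekey before sending more records")
	}
	explicit = make([]byte, explicitSize)
	binary.BigEndian.PutUint16(explicit[0:2], s.Epoch)
	binary.BigEndian.PutUint32(explicit[2:6], uint32(s.Seq>>16)) // high 32 bits of the 48-bit seq
	binary.BigEndian.PutUint16(explicit[6:8], uint16(s.Seq))     // low 16 bits
	nonce = append(append([]byte{}, s.Salt[:]...), explicit...)
	s.Seq++
	return nonce, explicit, nil
}

// NonceReuseGuard is a test-time check around any AEAD caller: it remembers every
// (key, nonce) pair and fails the moment one is presented again.
type NonceReuseGuard struct{ seen map[string]struct{} }

func NewNonceReuseGuard() *NonceReuseGuard { return &NonceReuseGuard{seen: map[string]struct{}{}} }

func (g *NonceReuseGuard) Check(key, nonce []byte) error {
	id := hex.EncodeToString(key) + ":" + hex.EncodeToString(nonce)
	if _, dup := g.seen[id]; dup {
		return fmt.Errorf("nonce %x reused under the same key", nonce)
	}
	g.seen[id] = struct{}{}
	return nil
}

// SealRecord produces explicit_nonce || ciphertext || tag (RFC 5288 layout) with the
// record header bound as additional data; the guard rejects any nonce seen before.
func SealRecord(key []byte, src *RecordNonceSource, guard *NonceReuseGuard, header, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce, explicit, err := src.Next()
	if err != nil {
		return nil, err
	}
	if err := guard.Check(key, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(explicit, nonce, plaintext, header), nil
}

func main() {
	key, salt := []byte("0123456789abcdef"), [saltSize]byte{0xde, 0xad, 0xbe, 0xef} // constructed sample values
	src, guard := &RecordNonceSource{Salt: salt, Epoch: 1}, NewNonceReuseGuard()
	rec, err := SealRecord(key, src, guard, []byte{0x17, 0xfe, 0xfd}, []byte("hello"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("record: %x\nP(repeat) after 2^48 random nonces: %.2f\n", rec, RandomNonceCollisionProbability(1<<48))
}
```

The birthday bound is the whole argument: within the 2^48 records a single DTLS epoch may carry, random nonces repeat with probability close to 0.39, whereas the counter-derived nonce cannot repeat at all and the source errors out instead of wrapping. The guard costs one map lookup per record and is cheap enough to keep enabled in fuzzing and integration tests of any AEAD wrapper.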

Added: Feb 11, 2026, 9:20 PM
Updated: Feb 11, 2026, 9:20 PM

Vulnerability Rating

Custom Algorithm

spread          0.8
impact          5.0
exploitability  5.5
remediation     7.7
relevance       2.9
threat          3.2
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.