Information on CVE-2015-2077
N/A
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2015-2077
Description: The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, uses the same X.509 certificate private key for a root CA certificate across different customers’ installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging knowledge of this key, as originally reported for Superfish VisualDiscovery on certain Lenovo Notebook laptop products.
Attack vector
CVSS score
CVSS is a scoring system that measures the severity of a computer vulnerability by considering factors such as potential impact, likelihood of attack, and ease of execution.
Summary: .
Vector detail
Metric | Value | Meaning | Description |
---|---|---|---|
External references
- http://www.securityfocus.com/bid/72693
- http://www.us-cert.gov/cas/techalerts/TA15-051A.html
- http://www.theguardian.com/technology/2015/feb/19/lenovo-accused-compromising-user-security-installing-adware-pcs-superfish
- http://blog.erratasec.com/2015/02/some-notes-on-superfish.html#.VOq6Yvn8Fp4
- http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOq6Yfn8Fp4
- http://www.securitytracker.com/id/1031779
- http://www.kb.cert.org/vuls/id/529496
- http://www.wired.com/2015/02/lenovo-superfish/
- https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339
- http://support.lenovo.com/us/en/product_security/superfish
- https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/
- http://news.lenovo.com/article_display.cfm?article_id=1929
- http://marcrogers.org/2015/02/19/lenovo-installs-adware-on-customer-laptops-and-compromises-all-ssl/
Affected products
- n/a – n/a
Relationships with other products
No products found for CVE: cve-2015-2077