Adtrustmedia PrivDog fails to validate SSL certificates

2015-02-23T00:00:00
ID VU:366544
Type cert
Reporter CERT
Modified 2015-02-26T00:00:00

Description

Overview

Adtrustmedia PrivDog fails to validate SSL certificates, making systems broadly vulnerable to HTTPS spoofing.

Description

Adtrustmedia PrivDog is a Windows application that advertises "... safer, faster and more private web browsing." PrivDog installs a man-in-the-middle (MITM) proxy as well as a new trusted root CA certificate. The MITM capabilities are provided by NetFilterSDK.com. Although the root CA certificate is generated at install time, resulting in a different certificate for each installation, PrivDog does not use the SSL certificate validation capabilities that the NetFilter SDK provides. Because the browser sees only the certificate that the proxy presents, which chains to the newly trusted root CA, web browsers will not display any warnings when a spoofed or MITM-proxied HTTPS website is visited. We have confirmed that PrivDog version 3.0.96.0 is affected.

Adtrustmedia PrivDog is promoted by the Comodo Group, which is an organization that offers SSL certificates and authentication solutions.

Users can test whether they are affected by the PrivDog vulnerability and other similar vulnerabilities by visiting Filippo Valsorda's SSL test page (<https://filippo.io/Badfish/>).


Impact

An attacker can spoof HTTPS sites and intercept HTTPS traffic without triggering browser certificate warnings in affected systems.


Solution

Apply an update

This issue is addressed in PrivDog 3.0.105.0. This version of PrivDog appears to disable SSL interception for connections where the upstream certificate is not valid. Alternatively, consider the following workaround:


Uninstall PrivDog

Uninstalling PrivDog will remove the MITM proxy and the root CA certificate, thus restoring SSL validation to affected systems.
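
The check below is an added example, not part of the CERT note or any vendor tooling: it audits the Windows trusted root stores to confirm that no PrivDog root CA remains after updating or uninstalling. Because the root is generated per installation, a fixed thumbprint cannot identify it, so the script matches on subject name instead. The `*PrivDog*` pattern is an assumption (the note does not give the certificate's subject), and the private-key check is a general heuristic for locally generated interception roots, not something the note states about PrivDog.

```powershell
# Added example: audit trusted root stores for a locally generated interception root.
# ASSUMPTION: '*PrivDog*' is a placeholder pattern; the advisory does not state the
# certificate's subject name. Adjust it after inspecting a known-affected host.
param(
    [string]$SubjectPattern = '*PrivDog*'
)

# Both the machine-wide and the per-user root stores are trusted by Windows clients.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        $reasons = @()

        # Name match: the only stable property when every install has its own key.
        if ($_.Subject -like $SubjectPattern -or $_.Issuer -like $SubjectPattern) {
            $reasons += 'subject or issuer matches pattern'
        }

        # General heuristic (assumption): a public CA's private key is never present
        # on an endpoint, so a trusted root with a local private key deserves review.
        if ($_.HasPrivateKey) {
            $reasons += 'private key present on this host'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint   # differs per host; record it for removal
                NotBefore  = $_.NotBefore    # creation time of a per-install root
                Reasons    = $reasons -join '; '
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object NotBefore -Descending | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No trusted root matched the pattern or carries a local private key.'
}
```

Run it from an elevated PowerShell prompt so the machine store is fully readable; any row it prints is a root that should be reviewed before the host is considered clean.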


Vendor Information

Vendor| Status| Date Notified| Date Updated
---|---|---|---
AdTrustMedia| | -| 23 Feb 2015
COMODO Security Solutions, Inc.| | 23 Feb 2015| 26 Feb 2015
NetFilterSDK.com| | -| 23 Feb 2015

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | 8.5 | AV:N/AC:L/Au:N/C:C/I:P/A:N
Temporal | 8.1 | E:H/RL:W/RC:C
Environmental | 8.0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

  • <https://blog.hboeck.de/archives/865-Software-Privdog-worse-than-Superfish.html>
  • <https://blog.hboeck.de/archives/866-PrivDog-wants-to-protect-your-privacy-by-sending-data-home-in-clear-text.html>
  • <http://netfiltersdk.com/help/ProtocolFilters/FT_SSL.htm>
  • <http://www.privdog.com/advisory.html>
  • <http://www.privdog.com/>
  • <https://help.comodo.com/topic-72-1-451-6840-.html>
  • <https://help.comodo.com/topic-120-1-279-6108-.html>
  • <https://filippo.io/Badfish/>
  • <https://www.eff.org/deeplinks/2015/02/dear-software-vendors-please-stop-trying-intercept-your-customers-encrypted>

Credit

This vulnerability was publicly reported by Hanno Böck.

This document was written by Will Dormann.

Other Information

  • CVE IDs: Unknown
  • Date Public: 22 Feb 2015
  • Date First Published: 23 Feb 2015
  • Date Last Updated: 26 Feb 2015
  • Document Revision: 70