Dell System Detect installs root certificate and private key (DSDTestProvider)

2015-11-24T00:00:00
ID VU:925497
Type cert
Reporter CERT
Modified 2015-12-01T19:43:00

Description

Overview

Dell System Detect installs the DSDTestProvider certificate into theTrusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key. This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle (MiTM), and passive decryption attacks, resulting in the exposure of sensitive information.

Description

Dell System Detect (DSD) is an application that runs on your Windows-based PC or Tablet with your permission and interacts with the Dell Support website. DSD is pre-installed on some Dell systems. DSD installs a trusted root certificate (DSDTestProvider) that includes the private key.

Dell systems that have been re-imaged or do not otherwise have DSD installed are not affected.


Impact

An attacker can generate certificates signed by the DSDTestProvider CA. Systems that trusts the DSDTestProvider CA will trust any certificate issued by the CA. An attacker can impersonate web sites and other services, sign software and email messages, and decrypt network traffic and other data. Common attack scenarios include impersonating a web site, performing a MiTM attack to decrypt HTTPS traffic, and installing malicious software.


Solution

Mark DSDTestProvider certificate as untrusted

Mark Revoke the DSDTestProvider certificate. Using the Windows certificate manager (certmgr.msc), move the DSDTestProvider certificate from the Trusted Root Certificate Store to Untrusted Certificates. Revoking the certificate helps prevent reinstating trust if DSD is reinstalled.

Remove DSDTestProvider certificate

Dell has issued guidance to remove the DSDTestProvider certificate in this blog post.

Administrators can Configure Trusted Roots and Disallowed Certificates for managed systems.

Update Certified Trust List

Microsoft Security Advisory 3119884 documents updates to the Certified Trust List (CTL) to mark the DSDTestProvider certificate as untrusted. Most Windows systems will automatically receive the updated CTL.


Vendor Information

925497

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Vendor has issued information

__ Sort by: Status Alphabetical

Expand all

Affected Unknown __ Unaffected

Javascript is disabled. Click here to view vendors.

__ Dell

Updated: November 25, 2015

Status

__ Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <http://www.dell.com/support/article/us/en/19/SLN300321>

CVSS Metrics

Group | Score | Vector
---|---|---
Base | 9.4 | AV:N/AC:L/Au:N/C:C/I:C/A:N
Temporal | 8.5 | E:H/RL:TF/RC:C
Environmental | 6.4 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • <http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate>
  • <http://www.dell.com/support/article/us/en/19/SLN300321>
  • <https://blog.hboeck.de/archives/876-Superfish-2.0-Dangerous-Certificate-on-Dell-Laptops-breaks-encrypted-HTTPS-Connections.html>
  • <http://huagati.blogspot.com/2015/07/do-you-know-which-cas-can-issue-ssltls.html>
  • <https://technet.microsoft.com/en-us/library/dn265983.aspx>
  • <https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html>
  • <http://www.laptopmag.com/articles/dell-certificate-security-flaw>

Acknowledgements

Reported in a blog post by Hanno Bཬk.

This document was written by Brian Gardiner.

Other Information

CVE IDs: | None
---|---
Date Public: | 2015-11-24
Date First Published: | 2015-11-24
Date Last Updated: | 2015-12-01 19:43 UTC
Document Revision: | 34