714 matches found
Microsoft Security Advisory: Update for deprecation of MD5 hashing algorithm for Microsoft root certificate program: August 13, 2013
INTRODUCTION: Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related...
CVE-2020-3906
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.4. A maliciously crafted application may be able to bypass code signing enforcement...
Design/Logic Flaw
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.4. A maliciously crafted application may be able to bypass code signing enforcement...
CVE-2020-3906
CVE-2020-3906 concerns a logic issue in the macOS TCC component that could allow a maliciously crafted application to bypass code signing enforcement. The vulnerability is fixed in macOS Catalina 10.15.4. Affected: macOS Catalina (and related 10.15.x releases) where TCC logic allowed bypass of si...
Apple macOS Catalina TCC Component Logic Issue Vulnerability
Apple macOS Catalina is a specialized operating system developed by Apple Inc. for Mac computers. A logic problem exists in the Apple macOS Catalina TCC component, which can be exploited by attackers to create malicious applications that may be able to bypass code signing implementations...
Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs
Fresh firmware vulnerabilities in Wi-Fi adapters, USB hubs, trackpads and cameras are putting millions of peripheral devices in danger of a range of cyberattacks, according to research from Eclypsium. TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP...
CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability | Cloud Foundry
Severity: High. Vendor: Microsoft Corporation. Description: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious...
PoC Exploits Published For Microsoft Crypto Bug
Two proof-of-concept (PoC) exploits have been publicly released for the recently patched crypto-spoofing vulnerability found by the National Security Agency and reported to Microsoft. The vulnerability (CVE-2020-0601) could enable an attacker to spoof a code-signing certificate necessary for validati...
Microsoft Windows CryptoAPI Spoofing (CVE-2020-0601)
A spoofing vulnerability exists in the way Windows CryptoAPI validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear as if the file was from a trusted source...
Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing
EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47933.zip require 'openssl' raw = File.read "ca.crt" cacert = OpenSSL::X509::Certificate.newraw Parse public key from CA cakey = cacert.publickey if !cakey.instanceof? OpenSSL::PKey::EC then puts...
Microsoft Windows CryptoAPI Spoofing Vulnerability
Microsoft Windows is a Windows operating system released by Microsoft Corporation in the U.S. Microsoft CryptoAPI is a Windows Security Services API provided by Microsoft to developers for cryptographic applications to encrypt, decrypt, sign, and verify data. A spoofing vulnerability exists in...
Podcast: NSA Reports Major Crypto-Spoofing Bug to Microsoft
A major Microsoft crypto-spoofing bug impacting Windows 10 made waves this Patch Tuesday, particularly as the flaw was found and reported by the U.S. National Security Agency (NSA). Microsoft’s January Patch Tuesday security bulletin disclosed the “important”-severity vulnerability, which could all...
Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate
EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47933.zip require 'openssl' raw = File.read "ca.crt" cacert =...
Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate
EDB Note Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47933.zip require 'openssl' raw = File.read "ca.crt" cacert = OpenSSL::X509::Certificate.newraw Parse public key from CA cakey = cacert.publickey if !cakey.instanceof? OpenSSL::PKey::EC then puts "...
Spoofing
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
CVE-2020-0601
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
CVE-2020-0601
The CVE-2020-0601 issue affects Windows CryptoAPI (Crypt32.dll) and its ECC certificate validation, enabling a spoofing attack where a forged code-signing certificate could make malware appear trusted. Affected platforms include Windows 10 and Windows Server 2016/2019, with the vulnerability tied...