Microsoft Windows CryptoAPI Spoofing Vulnerability

Microsoft Windows CryptoAPI Crypt32.dll contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography ECC certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was fro...

Insecure Access Controls

@curveball/a12n-server uses insecure access controls. Inadequate permissiosn check allows any authenticated user to perform unauthorized editting of other users' information...

Exploit for Improper Certificate Validation in Microsoft

CurveBall CVE-2020-0601 - PoC This vulnerability, known as...

CurveBall – An Unimaginative Pun but a Devastating Bug

ARCHIVED STORY CurveBall – An Unimaginative Pun but a Devastating Bug By Steve Povolny · June 17, 2020 Enterprise customers looking for information on defending against Curveball can find information here. 2020 came in with a bang this year, and it wasn’t from the record-setting number of firewor...

CurveBall – An Unimaginative Pun but a Devastating Bug

ARCHIVED STORY CurveBall – An Unimaginative Pun but a Devastating Bug By Steve Povolny · June 17, 2020 Enterprise customers looking for information on defending against Curveball can find information here. 2020 came in with a bang this year, and it wasn’t from the record-setting number of firewor...

Exploit for Improper Certificate Validation in Microsoft

CurveBall CVE-2020-0601 - PoC CVE-2020-0601, or commonly ref...