EUVD-2015-2188

Malware in sbrugna...

EUVD-2015-2189

Malware in sbrugna...

Komodia SSL Digestor SDK MitM (Detected via DNS Query)

Binary data 8929.prm...

Komodia SSL Digestor SDK MitM (Detected via HTTP Request)

Binary data 8930.prm...

Komodia SDK for Komodia Redirector with SSL Digestor Information Disclosure Vulnerability

Komodia SDK for Komodia Redirector with SSL Digestor is a suite of redirection platform tools for executing data using SSL encryption and dynamic SSL decryption from Komodia, Israel. An information disclosure vulnerability exists in Komodia SDK for Komodia Redirector with SSL Digestor, which aris...

Komodia SDK for Komodia Redirector with SSL Digestor Encryption Issue Vulnerability

Komodia SDK for Komodia Redirector with SSL Digestor is a suite of redirection platform tools for executing data using SSL encryption and dynamic SSL decryption from Komodia, Israel. The Komodia SDK for Komodia Redirector with SSL Digestor suffers from a cryptographic issue vulnerability that...

Komodia Certificate Manipulation Enabled Man-In-The-Middle Attacks

The shoddy state of SSL certificate validation on the Internet again floated to the surface, this time by the Superfish mess, which continues to get worse. The Electronic Frontier Foundation on Wednesday released a report based on data scoured from the Decentralized SSL Observatory which it...

CVE-2015-2078

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker alpha 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, does not properly verify X.509 certificates from SSL servers, which allows...

Design/Logic Flaw

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker alpha 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, uses the same X.509 certificate private key for a root CA certificate across...

Design/Logic Flaw

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker alpha 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, does not properly verify X.509 certificates from SSL servers, which allows...

CVE-2015-2077

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker alpha 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, uses the same X.509 certificate private key for a root CA certificate across...

CVE-2015-2078

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker alpha 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, does not properly verify X.509 certificates from SSL servers, which allows...

CVE-2015-2078

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker alpha 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, does not properly verify X.509 certificates from SSL servers, which allows...

CVE-2015-2077

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker alpha 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, uses the same X.509 certificate private key for a root CA certificate across...

CVE-2015-2077

CVE-2015-2077 concerns the Komodia Redirector with SSL Digestor SDK, used in multiple products (e.g., Lavasoft Ad-Aware Web Companion, Ad-Aware AdBlocker alpha, Qustodio for Windows, StaffCop 5.8). The root cause is reuse of the same X.509 certificate private key for a root CA across different cu...

CVE-2015-2078

The CVE-2015-2078 entry describes a cryptographic issue in the Komodia Redirector SSL Digestor SDK where the component does not properly verify X.509 certificates from SSL servers, enabling MITM server spoofing. This affects multiple products using the Komodia SDK (e.g., Lavasoft Ad-Aware Web Com...

Komodia Website Under DDoS Attack

Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack. As of 2 p.m. Eastern time, its home page had been replaced with a notice that the site was offline because it was under attack. “Some people say...

Superfish-like Vulnerability Found in Over 12 More Apps

'SuperFish' advertising software recently found pre-installed on Lenovo laptops is more widespread than what we all thought. Facebook has discovered at least 12 more titles using the same HTTPS-breaking technology that gave the Superfish malware capability to evade rogue certificate. The Superfis...

Komodia Redirector with SSL Digestor fails to properly validate SSL and installs non-unique root CA certificates and private keys

Overview Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys, making systems broadly vulnerable to HTTPS spoofing Description Komodia Redirector SDK is a self-described "interception engine" designed to enable developers to integrate proxy services and w...