8 matches found
CVE-2024-25140
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing 1.3.6.1.5.5.7.3.3, valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...
CVE-2024-25140
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing 1.3.6.1.5.5.7.3.3, valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...
CVE-2024-25140
CVE-2024-25140 affects RustDesk 1.2.3 on Windows. A default install places a WDKTestCert in Trusted Root Certification Authorities with EKU Code Signing (1.3.6.1.5.5.7.3.3), valid 2023–2033. This was intended behavior per vendor note, using a test certificate due to lack of EV cert, raising conce...
CVE-2017-9758
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."...
Session fixation
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."...
CVE-2017-9758
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."...
CVE-2012-4948
The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the...
Full Disclosure: Windows File Protection Arbitrary Certificate Chain Vulnerability
============================================================================ == SECURITY ALERT Windows File Protection Arbitrary Certificate Chain Vulnerability December 26, 2002 Full Disclosure, [email protected] and others December 24, 2002 Private Disclosure Jason Coombs [email protected]...