Komodia SSL Digestor Root CA Certificate Installed (Superfish)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote Windows host is affected by a man-in-the-middle

Description :

The remote Windows host has an application installed that uses the
Komodia SSL Digestor SDK (e.g. Superfish Visual Discovery and
KeepMyFamilySecure). It is, therefore, affected by an HTTPS
man-in-the-middle vulnerability due to the installation of a
non-unique root CA certificate associated with the SDK into the
Windows trusted system certificate store. The private keys for many of
these root CAs are publicly known. Furthermore, the SDK is insecurely
implemented and websites that use specially crafted self-signed
certificates will be reported as trusted to the user. Individual
Firefox and Thunderbird profiles may also contain the compromised root
CA certificates.

A MitM attacker can exploit this vulnerability to read and/or modify
communications encrypted via HTTPS without the user's knowledge.

Solution :

If Superfish is installed, uninstall the application and root CA
certificate using the instructions provided by Lenovo.

Otherwise, contact the vendor for information on how to uninstall the
application and the bundled root CA certificate.
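
To check whether a flagged root CA certificate is present in the Windows trusted root stores, or to confirm it is gone after the uninstall, the following PowerShell audit can be used. It is an added example, not Tenable's plugin code or vendor tooling. The function name `Find-SuspectRootCa` is hypothetical, the thumbprint is a placeholder to be replaced with values from the vendor advisory, and matching the product names against certificate subjects is an assumption. Firefox and Thunderbird profiles keep their own certificate stores and are not covered here.

```powershell
# Added example: audit Windows trusted-root stores against a watch list.
# The thumbprint below is a PLACEHOLDER, not a real indicator; take real
# values from the vendor advisory for the affected product.
$WatchThumbprints = @(
    '0000000000000000000000000000000000000000'
)
# Product names from the advisory text. That these strings appear in the
# certificate Subject or Issuer is an assumption, so treat hits as leads.
$WatchNames = @('Superfish', 'Komodia', 'KeepMyFamilySecure')

function Find-SuspectRootCa {
    param(
        [string[]]$Thumbprints,
        [string[]]$Names,
        [string[]]$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    # Normalise thumbprints: strip whitespace, compare in upper case.
    $wanted = @($Thumbprints | ForEach-Object { ($_ -replace '\s', '').ToUpperInvariant() })
    foreach ($store in $Stores) {
        foreach ($cert in Get-ChildItem -Path $store) {
            $reasons = @()
            if ($wanted -contains $cert.Thumbprint.ToUpperInvariant()) { $reasons += 'thumbprint' }
            foreach ($n in $Names) {
                if ($cert.Subject -like "*$n*" -or $cert.Issuer -like "*$n*") { $reasons += "name:$n" }
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    NotAfter   = $cert.NotAfter
                    MatchedOn  = ($reasons | Select-Object -Unique) -join ','
                }
            }
        }
    }
}

$hits = @(Find-SuspectRootCa -Thumbprints $WatchThumbprints -Names $WatchNames)
if ($hits.Count -eq 0) {
    'No watched root CA certificates found.'
} else {
    $hits | Format-Table -AutoSize
    exit 1   # non-zero exit so a scheduled task or management agent can alert
}
```

Run it once per user profile as well as elevated, since `Cert:\CurrentUser\Root` is evaluated for the account running the script.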

Risk factor :

Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 6.4
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 81425

Bugtraq ID: 72693

CVE ID: CVE-2015-2077
