Komodia SSL Digestor Root CA Certificate Installed (Superfish)

Medium Nessus Plugin ID 81425


The remote Windows host is affected by a man-in-the-middle vulnerability.


The remote Windows host has an application installed that uses the Komodia SSL Digestor SDK (e.g. Superfish Visual Discovery and KeepMyFamilySecure). It is therefore affected by an HTTPS man-in-the-middle vulnerability, because the SDK installs a non-unique root CA certificate into the Windows trusted system certificate store. The private keys for many of these root CAs are publicly known. Furthermore, the SDK is insecurely implemented, so websites that use specially crafted self-signed certificates will be reported to the user as trusted. Individual Firefox and Thunderbird profiles may also contain the compromised root CA certificates.

A MitM attacker can exploit this vulnerability to read and/or modify communications encrypted via HTTPS without the user's knowledge.


If Superfish is installed, uninstall the application and root CA certificate using the instructions provided by Lenovo.

Otherwise, contact the vendor for information on how to uninstall the application and the bundled root CA certificate.

Plugin Details

Severity: Medium

ID: 81425

File Name: smb_superfish_root_ca_installed.nasl

Version: $Revision: 1.7 $

Type: local

Agent: windows

Family: Windows

Published: 2015/02/20

Modified: 2015/11/24

Dependencies: 13855

Risk Information

Risk Factor: Medium


Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:komodia:redirector_sdk

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2014/09/21

Reference Information

CVE: CVE-2015-2077, CVE-2015-2078

BID: 72693

OSVDB: 118562, 118638

CERT: 529496