Dell eDellRoot / DSDTestProvider Root CA Certificates Installed

Medium Nessus Plugin ID 87013


The remote Windows host is affected by a man-in-the-middle vulnerability.


The remote Windows host is affected by a man-in-the-middle (MitM) vulnerability due to the installation of a non-authorized root CA certificate into the Windows trusted system certificate store. The private keys for many of these root CAs are publicly known. Furthermore, websites that use specially crafted self-signed certificates will be reported to the user as trusted. Individual Firefox and Thunderbird profiles may also contain the compromised root CA certificates.

A MitM attacker can exploit this vulnerability to read and/or modify communications encrypted via HTTPS without the user's knowledge.


Uninstall the eDellRoot and DSDTestProvider root CA certificates per the vendor knowledge base article.

Plugin Details

Severity: Medium

ID: 87013

File Name: smb_edell_root_ca_installed.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 2015/11/23

Modified: 2016/04/29

Dependencies: 13855, 87313

Risk Information

Risk Factor: Medium


Base Score: 6.4

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:TF/RC:ND

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2015/11/22

Reference Information

OSVDB: 130575

CERT: 870761, 925497