Komodia SSL Digestor SDK MitM (Detected via DNS Query)

Nessus Network Monitor Plugin ID 8929 (severity: medium)

Synopsis

The remote host is affected by a man-in-the-middle vulnerability.

Description

The remote host has an application installed (such as Superfish) that uses the Komodia SSL Digestor SDK. This SDK is used to perform MitM attacks on all HTTPS connections. This is accomplished by installing a root CA certificate associated with the SDK into the Windows trusted system certificate store. The private keys for many of these root CAs are publicly known. Furthermore, this SDK is insecurely implemented and will report websites that use specially crafted self-signed certificates as trusted to the user.

A MitM attacker can exploit this vulnerability by reading and/or modifying communications encrypted via HTTPS without the user's knowledge.
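A defender-side check for the mechanism described above, added here as an example that is not part of the Nessus plugin or of Komodia's or Lenovo's tooling: it enumerates the Windows trusted root stores and flags roots whose subject or issuer matches the names on this page, or whose private key is present on the endpoint (a heuristic assumed here, since a local interception proxy needs that key to sign forged leaf certificates). The function name and the indicator strings are this example's own assumptions.

```powershell
# Added example: look for SSL-interception roots in the Windows trusted root stores.
# Assumptions (not from the plugin text): the indicator strings and the heuristic that a
# trusted root with its private key on the host is suspicious (genuine public CA roots
# never ship their private key to end hosts; an enterprise CA server is the one exception).
function Find-InterceptionRootCert {
    param(
        [string[]] $SuspectNames = @('Superfish', 'Komodia'),   # assumed indicator strings
        [string]   $StorePath    = 'Cert:\LocalMachine\Root'
    )
    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert    = $_
        $reasons = @()
        foreach ($name in $SuspectNames) {
            if ($cert.Subject -match $name -or $cert.Issuer -match $name) {
                $reasons += "subject/issuer matches '$name'"
            }
        }
        # A root whose private key lives on the endpoint can mint a trusted leaf for any site.
        if ($cert.HasPrivateKey) {
            $reasons += 'private key present in local store'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $StorePath
                Thumbprint = $cert.Thumbprint
                Subject    = $cert.Subject
                NotAfter   = $cert.NotAfter
                Reasons    = ($reasons -join '; ')
            }
        }
    }
}

# Check both machine-wide and per-user root stores; per-user roots are trusted too.
$hits = @(Find-InterceptionRootCert) +
        @(Find-InterceptionRootCert -StorePath 'Cert:\CurrentUser\Root')
if ($hits.Count -eq 0) {
    Write-Output 'No suspicious root certificates found.'
} else {
    $hits | Format-Table -AutoSize
}
```

Run from an elevated PowerShell prompt so the LocalMachine store and key-presence flags are readable; any hit should be removed only by following the vendor's uninstall instructions, as the Solution section below directs.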

Solution

If Superfish is installed, uninstall the application and related root CA certificate using the instructions provided by Lenovo.

Otherwise, contact the vendor for information on how to uninstall the application and bundled root CA certificate.

See Also

https://www.us-cert.gov/ncas/alerts/TA15-051A

http://www.kb.cert.org/vuls/id/529496

https://filippo.io/Badfish

https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken

http://support.lenovo.com/us/en/product_security/superfish

http://www.komodia.com

Plugin Details

Severity: Medium

ID: 8929

Family: Policy

Published: 3/1/2015

Updated: 3/6/2019

Nessus ID: 81425

Risk Information

VPR

Risk Factor: Medium

Score: 4.5

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:X/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:komodia:digestor

Patch Publication Date: 2/20/2015

Vulnerability Publication Date: 9/21/2014

Reference Information

CVE: CVE-2015-2077, CVE-2015-2078

BID: 72693