Komodia SSL Digestor SDK MitM (Detected via HTTP Request)

Medium Nessus Network Monitor Plugin ID 8930

Synopsis

The remote host is affected by a man-in-the-middle vulnerability.

Description

The remote host has an application installed (such as Superfish) that uses the Komodia SSL Digestor SDK. This SDK is used to perform MitM interception of all HTTPS connections, which it accomplishes by installing a root CA certificate associated with the SDK into the Windows trusted system certificate store. The private keys for many of these root CAs are publicly known. Furthermore, the SDK is insecurely implemented and will present websites that use specially crafted self-signed certificates to the user as trusted.

A MitM attacker can exploit this vulnerability to read and/or modify communications encrypted via HTTPS without the user's knowledge.

Solution

If Superfish is installed, uninstall the application and related root CA certificate using the instructions provided by Lenovo.

Otherwise, contact the vendor for information on how to uninstall the application and bundled root CA certificate.

See Also

https://www.us-cert.gov/ncas/alerts/TA15-051A

http://www.kb.cert.org/vuls/id/529496

https://filippo.io/Badfish

https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken

http://support.lenovo.com/us/en/product_security/superfish

http://www.komodia.com

Plugin Details

Severity: Medium

ID: 8930

Family: Policy

Published: 2015/03/01

Modified: 2016/02/05

Nessus ID: 81425

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

CVSSv3

Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS3#E:X/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:komodia:digestor

Patch Publication Date: 2015/02/20

Vulnerability Publication Date: 2014/09/21

Reference Information

CVE: CVE-2015-2077, CVE-2015-2078

BID: 72693