
Komodia SSL Digestor SDK MitM (Detected via DNS Query)

Medium

Synopsis

The remote host is affected by a man-in-the-middle vulnerability.

Description

The remote host has an application installed (such as Superfish) that uses the Komodia SSL Digestor SDK. This SDK is used to perform MitM attacks on all HTTPS connections. This is accomplished by installing a root CA certificate associated with the SDK into the Windows trusted system certificate store. The private keys for many of these root CAs are publicly known. Furthermore, this SDK is insecurely implemented and will report websites that use specially crafted self-signed certificates as trusted to the user.

A MitM attacker can exploit this vulnerability by reading and/or modifying communications encrypted via HTTPS without the user's knowledge.

Solution

If Superfish is installed, uninstall the application and related root CA certificate using the instructions provided by Lenovo.

Otherwise, contact the vendor for information on how to uninstall the application and bundled root CA certificate.
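To confirm whether such a root CA certificate is present in the Windows trusted root stores, before or after the uninstall, the following added example (not part of the original advisory or any vendor tooling) lists certificates whose subject or issuer contains a vendor keyword. The keyword list and the function name `Find-SuspectRootCertificate` are assumptions; only the names "Superfish" and "Komodia" come from the advisory.

```powershell
# Added example: audit the Windows trusted root stores for certificates
# whose subject or issuer contains a vendor keyword.
# ASSUMPTION: matching on these names; the advisory lists no thumbprints.
$Keywords = @('Superfish', 'Komodia')

# Machine-wide and per-user trusted root stores.
$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

function Find-SuspectRootCertificate {
    param(
        [string[]]$StorePath = $Stores,
        [string[]]$Keyword   = $Keywords
    )

    # Build one case-insensitive alternation from the escaped keywords.
    $pattern = ($Keyword | ForEach-Object { [regex]::Escape($_) }) -join '|'

    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { continue }

        Get-ChildItem -Path $path |
            Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $path
                    Subject    = $_.Subject
                    Issuer     = $_.Issuer
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                    # A root CA is self-signed: subject and issuer are identical.
                    SelfSigned = ($_.Subject -eq $_.Issuer)
                }
            }
    }
}

$hits = @(Find-SuspectRootCertificate)
if ($hits.Count -eq 0) {
    Write-Output 'No matching root certificates found in the checked stores.'
} else {
    # Record the thumbprints so removal can be verified on a later run.
    $hits | Format-List
}
```

An empty result only rules out the listed names: other applications built on the SDK may install root certificates under different names, so extend the keyword list with the name of the application reported on the host.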