PoC Exploits Released for Crypto Vulnerability Found by NSA

2020-01-16 14:13

Several proof-of-concept exploits have already been created - and some of them have been made public - for CVE-2020-0601, the crypto-related Windows vulnerability that Microsoft patched recently after being notified by the U.S. National Security Agency.

Currently, there is no evidence that the vulnerability has been exploited in attacks, but PoC exploits have been created for CVE-2020-0601 much faster than many had anticipated.

One of the first researchers to announce successfully creating an exploit was Saleem Rashid, who published a couple of screenshots apparently showing the vulnerability being used to forge TLS certificates.

While some researchers have yet to make their PoC exploits public, others have done so.

Kudelski Security has argued that it has decided to make its PoC public due to the fact that script kiddies and most cybercriminals do not have the knowledge and resources required to exploit the vulnerability.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/1n2Ugx2e268/poc-exploits-released-crypto-vulnerability-found-nsa

#crypto #exploit #NSA #POC #vulnerability #CVE-2020-0601

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-14	CVE-2020-0601	Improper Certificate Validation vulnerability in multiple products A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. network microsoft golang CWE-295	5.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
NSA		2	0	12	0	2	14

News URL

Related news

Related Vulnerability

Related vendor