Google kaspersky lab
4/22/2023

Google Project Zero researcher Tavis Ormandy has discovered two serious certificate-related issues in Kaspersky Lab's anti-malware products.

The flaws were addressed by the security firm in late December.

The first vulnerability, rated "critical" by Ormandy, is related to how Kaspersky Antivirus inspects SSL/TLS connections.

According to the expert, Kaspersky uses a Windows Filtering Platform driver to intercept outgoing HTTPS connections. The company proxies SSL connections by adding its own certificate as a trusted authority to the system store and replacing all leaf (end-entity) certificates on the fly. This results in certificates appearing as if they have been issued by "Kaspersky Anti-Virus Personal Root Certificate" on systems running Kaspersky Antivirus.

"Kaspersky caches recently generated certificates in memory in case the user agent initiates another connection. In order to do this, Kaspersky fetches the certificate chain and then checks if it's already generated a matching leaf certificate in the cache. If it has, it just grabs the existing certificate and private key and then reuses it for the new connection," Ormandy explained in an advisory.

"The cache is a binary tree, and as new leaf certificates and keys are generated, they're inserted using the first 32 bits of MD5(serialNumber||issuer) as the key. If a match is found for a key, they just pull the previously generated certificate and key out of the binary tree and start using it to relay data to the user-agent," the expert added.

The problem, according to the researcher, was that the 32-bit key was not enough to prevent a man-in-the-middle (MitM) attacker from creating collisions.
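The following Python model is an added example, not code from Kaspersky, Ormandy's advisory or the article. It shows why a cache keyed on the first 32 bits of MD5(serialNumber||issuer) is too small: by the birthday bound, two unrelated certificates from the same issuer share a key after roughly 2^16 random serial numbers rather than 2^32, and a cache that trusts a key hit blindly hands the earlier certificate's generated private key to the later connection. The hardened variant (verifying that the stored original leaf is byte-identical before reusing anything) is an assumption for illustration, not the vendor's actual fix; the issuer name and the "leaf-cert:" stand-ins for DER-encoded certificates are constructed sample values.

```python
import hashlib
import random
import struct

# Constructed sample issuer DN; any fixed issuer works for the demonstration.
ISSUER = b"CN=Example Issuing CA,O=Constructed Example"


def weak_cache_key(serial: bytes, issuer: bytes) -> int:
    """Cache key as described in the advisory: first 32 bits of MD5(serialNumber || issuer)."""
    digest = hashlib.md5(serial + issuer).digest()
    return struct.unpack(">I", digest[:4])[0]


def find_weak_key_collision(rng: random.Random, issuer: bytes, limit: int = 1 << 20):
    """Draw random 128-bit serial numbers until two map to the same 32-bit key.

    Returns (draws, serial_a, serial_b), or None if the limit is reached.
    The birthday bound puts the expected number of draws near 2**16, far
    below the 2**32 a naive reading of "32-bit key" might suggest.
    """
    seen = {}
    for draws in range(1, limit + 1):
        serial = rng.getrandbits(128).to_bytes(16, "big")
        key = weak_cache_key(serial, issuer)
        if key in seen and seen[key] != serial:
            return draws, seen[key], serial
        seen[key] = serial
    return None


class LeafCache:
    """Model of an interception proxy's certificate cache.

    Entries map the 32-bit key to (original leaf DER, generated private key id).
    verify_full_match=False reproduces the behaviour described on the page: a key
    hit is trusted blindly. verify_full_match=True is an assumed hardening: the
    stored original leaf must equal the presented one before the key is reused.
    """

    def __init__(self, verify_full_match: bool):
        self._entries = {}
        self._verify = verify_full_match
        self.generated = 0

    def private_key_for(self, leaf_der: bytes, serial: bytes, issuer: bytes) -> str:
        key = weak_cache_key(serial, issuer)
        hit = self._entries.get(key)
        if hit is not None and (not self._verify or hit[0] == leaf_der):
            return hit[1]  # reuse the previously generated private key
        # Cache miss (or mismatch under hardening): generate a fresh key pair.
        self.generated += 1
        generated_key_id = f"generated-key-{self.generated}"
        self._entries[key] = (leaf_der, generated_key_id)
        return generated_key_id


def demo() -> dict:
    """Find a 32-bit key collision and compare the two cache policies on it."""
    rng = random.Random(2017)  # fixed seed so the run is reproducible
    draws, serial_a, serial_b = find_weak_key_collision(rng, ISSUER)
    # Constructed stand-ins for two distinct DER-encoded leaf certificates.
    leaf_a = b"leaf-cert:" + serial_a
    leaf_b = b"leaf-cert:" + serial_b

    weak = LeafCache(verify_full_match=False)
    hardened = LeafCache(verify_full_match=True)
    weak_reused = weak.private_key_for(leaf_a, serial_a, ISSUER) == \
        weak.private_key_for(leaf_b, serial_b, ISSUER)
    hardened_reused = hardened.private_key_for(leaf_a, serial_a, ISSUER) == \
        hardened.private_key_for(leaf_b, serial_b, ISSUER)
    return {
        "draws_to_collision": draws,
        "weak_cache_reused_key": weak_reused,
        "hardened_cache_reused_key": hardened_reused,
    }


if __name__ == "__main__":
    print(demo())
```

Running the block reports how many random serials were needed before two shared a key (tens of thousands, not billions) and that only the blindly trusting cache reused the first certificate's private key for the second, unrelated certificate. The defensive lesson is the one the advisory implies: a lookup key that is a truncated hash must never be the sole basis for reusing key material; compare the full certificate (or key on a full-length hash of it) before serving a cached entry.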