CVE-2015-2077

Komodia Redirector SDK - Exposure of Sensitive Information via Shared Root CA Certificate Private Key

Title source: llm
STIX 2.1

Description

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, uses the same X.509 certificate private key for a root CA certificate across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging knowledge of this key, as originally reported for Superfish VisualDiscovery on certain Lenovo Notebook laptop products.

References (13)

Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72693
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA15-051A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031779
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/529496
Various Sources x_refsource_misc
http://www.wired.com/2015/02/lenovo-superfish/

Scores

EPSS 0.0278
EPSS Percentile 84.6%

Details

CWE
CWE-200
Status published
Products (1)
komodia/redirector_sdk
Published Feb 24, 2015
Tracked Since Feb 18, 2026