Products > Security

NSA discovers huge security flaw in Microsoft’s Windows 10

<< < (3/3)

tombi:
Kind-of - I think it is basically the Vaudenay attack.
https://lasec.epfl.ch/pub/lasec/doc/Vau04b.pdf

I think you can include curve parameters in the signature algorithm identifier. It stupidly doesn't check these match the curve specified in the issuer cert's public key. It happily verifies the signature using the specified parameters and if it checks out the code is happy. It should be checking they match the curve specified in the algorithm identifier of the issuer's public key.

The thing is you can find a set of parameters that matches the issuer public key and the signature without knowing the issuer's private key. Hence you can make your own certificate that will checkout as signed by something trustworthy.

Forgive me if I have mangled this a bit but this is my understanding at the moment.

GeorgeOfTheJungle:

--- Quote from: ataradov on January 16, 2020, 04:32:48 am ---NSA was using this for ages, and then they probably realized that some other nation is aware of the issue too, so time to report.
--- End quote ---

Vladimir Putin!

"Microsoft Wins $10 Billion Department of Defense Cloud Contract"
https://nypost.com/2019/10/28/pentagon-hands-microsoft-10b-war-cloud-deal-snubs-amazon/

No worries!

bd139:
Technical information on the vulnerability https://blog.trailofbits.com/2020/01/16/exploiting-the-windows-cryptoapi-vulnerability/

Navigation

[0] Message Index

[*] Previous page

There was an error while thanking
Thanking...
Go to full version