Komodia SSL Digestor Root CA Certificate Installed (Superfish)

medium Nessus Plugin ID 81425

Synopsis

The remote Windows host is affected by a man-in-the-middle vulnerability.

Description

The remote Windows host has an application installed that uses the Komodia SSL Digestor SDK (e.g. Superfish Visual Discovery and KeepMyFamilySecure). It is, therefore, affected by an HTTPS man-in-the-middle vulnerability due to the installation of a non-unique root CA certificate associated with the SDK into the Windows trusted system certificate store. The private keys for many of these root CAs are publicly known. Furthermore, the SDK is insecurely implemented and websites that use specially crafted self-signed certificates will be reported as trusted to the user. Individual Firefox and Thunderbird profiles may also contain the compromised root CA certificates.

A MitM attacker can exploit this vulnerability to read and/or modify communications encrypted via HTTPS without the user's knowledge.

Solution

If Superfish is installed, uninstall the application and root CA certificate using the instructions provided by Lenovo.

Otherwise, contact the vendor for information on how to uninstall the application and the bundled root CA certificate.
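To confirm the finding or verify cleanup on a host, the following PowerShell sketch triages the Windows root stores and locates the Firefox and Thunderbird certificate databases mentioned in the description. It is an added example, not the plugin's detection logic or vendor code. It assumes that affected roots carry one of the product names from this advisory in their Subject or Issuer, and that Mozilla profiles sit in their default locations under the current user's `%APPDATA%`.

```powershell
# Added example: name-based triage, not the Nessus plugin's own check.
# Assumption: an affected root CA has one of the names used in this advisory
# in its Subject or Issuer. A root issued under another name would be missed.
$namePattern = 'Superfish|Komodia|KeepMyFamilySecure'

# Machine-wide and per-user trusted root stores.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$hits = @(foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $namePattern -or $_.Issuer -match $namePattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                SelfSigned = ($_.Subject -eq $_.Issuer)
            }
        }
})

# Firefox and Thunderbird keep a separate NSS trust database per profile, so
# removing the root from the Windows store does not clean them. Only the
# current user's default profile locations are searched (assumption).
$profileRoots = @(
    (Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'),
    (Join-Path $env:APPDATA 'Thunderbird\Profiles')
)
$nssDbs = @(foreach ($root in $profileRoots) {
    if (Test-Path -Path $root) {
        Get-ChildItem -Path $root -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -in 'cert8.db', 'cert9.db' }
    }
})

if ($hits.Count -gt 0) {
    'Matching root CA certificates in the Windows stores:'
    $hits | Format-List
} else {
    'No matching root CA certificate found in the Windows stores.'
}

# These databases cannot be read with the certificate provider; review each
# one in the application's certificate manager.
foreach ($db in $nssDbs) { "Review NSS trust database: $($db.FullName)" }
```

Run it once per user account, since the `CurrentUser` store and the profile directories differ for each user.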

See Also

http://www.nessus.org/u?1658aef1

https://blog.erratasec.com/2015/02/extracting-superfish-certificate.html

http://www.nessus.org/u?235e60a1

https://gist.github.com/Wack0/17c56b77a90073be81d3

https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/

https://support.lenovo.com/us/en/product_security/superfish

https://support.lenovo.com/us/en/product_security/superfish_uninstall

Plugin Details

Severity: Medium

ID: 81425

File Name: smb_superfish_root_ca_installed.nasl

Version: 1.13

Type: local

Agent: windows

Family: Windows

Published: 2/20/2015

Updated: 11/25/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2015-2078

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:komodia:redirector_sdk

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/21/2014

Reference Information

CVE: CVE-2015-2077, CVE-2015-2078

BID: 72693

CERT: 529496