Dell eDellRoot / DSDTestProvider Root CA Certificates Installed

medium Nessus Plugin ID 87013

Synopsis

The remote Windows host is affected by a man-in-the-middle vulnerability.

Description

The remote Windows host is affected by a man-in-the-middle (MitM) vulnerability due to the installation of a non-authorized root CA certificate into the Windows trusted system certificate store. The private keys for many of these root CAs are publicly known.
Furthermore, websites that use specially crafted self-signed certificates will be reported as trusted to the user. Individual Firefox and Thunderbird profiles may also contain the compromised root CA certificates.

A MitM attacker can exploit this vulnerability to read and/or modify communications encrypted via HTTPS without the user's knowledge.

Solution

Uninstall the eDellRoot and DSDTestProvider root CA certificates per the vendor knowledge base article.

See Also

https://zmap.io/dell/

http://www.dell.com/support/article/us/en/04/SLN300321

Plugin Details

Severity: Medium

ID: 87013

File Name: smb_edell_root_ca_installed.nasl

Version: 1.10

Type: local

Agent: windows

Family: Windows

Published: 11/23/2015

Updated: 2/1/2022

Asset Inventory: true

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion

Vulnerability Publication Date: 11/22/2015

Reference Information

CERT: 870761, 925497