
POC details: b7274a40054e224cb7487615121beb841474c014

Source
Related vulnerability
Title: Microsoft Windows CryptoAPI trust management vulnerability (CVE-2020-0601)
Description: Microsoft Windows CryptoAPI is a cryptographic facility that Microsoft (US) added to the Windows operating system. As the foundation of data encryption and decryption, CryptoAPI supports synchronous and asynchronous key-based cryptographic operations as well as management of digital certificates within the operating system. The method used by Microsoft Windows CryptoAPI (Crypt32.dll) to validate elliptic curve cryptography (ECC) certificates has a trust management vulnerability. An attacker can exploit it by signing a malicious executable with a spoofed code-signing certificate. The following products and versions are affected: Micr
Description
Proof of Concept for CVE-2020-0601
Introduction
# BADECPARAMS

Proof of Concept for CVE-2020-0601.

![Screenshot of Extended Validation certificate for www.nsa.gov in Microsoft Edge](screenshot.png)
![Screenshot of 7-Zip installer with Authenticode digital signature](screenshot2.png)
![Screenshot of certificate for www.nsa.gov in Google Chrome](screenshot3.png)

[badecparams.py](badecparams.py) generates an intermediate certificate
authority that exploits the vulnerability, then issues Authenticode and TLS
certificates. The TLS certificates have Extended Validation in Microsoft Edge
and Internet Explorer.

[httpd.py](httpd.py) serves the contents of the [www](www) subfolder over
HTTPS, using the PEM encoded certificate chain provided on the command line.

```shell
./badecparams.py
./httpd.py localhost.key
```

### Vulnerable Software

Windows Update is not vulnerable because it uses public key pinning and RSA
keys.

The latest Windows Defender antivirus definitions detect executables signed
with malicious Authenticode certificates, even on machines without Microsoft's
patch.

Microsoft Edge, Internet Explorer, and Chromium (and derivatives) are
vulnerable to the TLS variant. Firefox is not vulnerable because Mozilla's
Network Security Services (NSS) does not support explicit EC parameters and
uses its own implementation for certificate verification.

Chrome 79.0.3945.130 fixes the vulnerability and throws
`NET::ERR_CERT_INVALID`, even on machines without Microsoft's patch.
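The README notes that NSS is unaffected because it rejects explicit EC parameters outright. The same property makes a useful defensive check: a certificate chain in which any certificate's `SubjectPublicKeyInfo` expresses its curve as explicit `ECParameters` rather than a named-curve OID is the shape this vulnerability depends on, and legitimate CA certificates use named curves. The script below is an added example, not code from the BADECPARAMS repository; it walks the DER structure with a minimal standard-library parser and reports, per certificate in a PEM file, whether the EC parameters are a named curve, explicit parameters, or the implicit-curve NULL form. The sample certificates it builds are constructed skeletons (real ASN.1 layout, placeholder contents, no valid signature) used only to exercise the check.

```python
"""Flag X.509 certificates whose EC public key uses explicit curve parameters.

Added example (not part of the BADECPARAMS repository). Standard library only.
"""
import base64
import sys

OID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # 1.2.840.10045.2.1 id-ecPublicKey
OID_PRIME256V1 = bytes.fromhex("2a8648ce3d030107")    # 1.2.840.10045.3.1.7 secp256r1

TAG_INTEGER, TAG_BIT_STRING, TAG_NULL, TAG_OID = 0x02, 0x03, 0x05, 0x06
TAG_SEQUENCE, TAG_VERSION = 0x30, 0xA0                # [0] EXPLICIT version in tbsCertificate


def der_encode(tag, payload):
    """Encode one DER TLV; used here only to build the constructed samples."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + payload


def der_children(value):
    """Split a constructed DER value into a list of (tag, inner_value) pairs."""
    children, pos = [], 0
    while pos < len(value):
        tag, length = value[pos], value[pos + 1]
        pos += 2
        if length & 0x80:                              # long-form length
            count = length & 0x7F
            length = int.from_bytes(value[pos:pos + count], "big")
            pos += count
        children.append((tag, value[pos:pos + length]))
        pos += length
    return children


def classify_spki(spki_der):
    """Say how a SubjectPublicKeyInfo expresses its algorithm parameters."""
    _, spki_value = der_children(spki_der)[0]
    (_, algorithm_value), _bit_string = der_children(spki_value)
    fields = der_children(algorithm_value)
    if fields[0] != (TAG_OID, OID_EC_PUBLIC_KEY):
        return "not_ec"
    if len(fields) < 2 or fields[1][0] == TAG_NULL:
        return "implicit_curve"                        # RFC 5480 implicitlyCA form
    if fields[1][0] == TAG_OID:
        return "named_curve"                           # the only form a CA should use
    if fields[1][0] == TAG_SEQUENCE:
        return "explicit_params"                       # specifiedCurve: flag this
    return "unknown"


def classify_certificate(cert_der):
    """Locate the SubjectPublicKeyInfo in a DER certificate and classify it."""
    _, cert_value = der_children(cert_der)[0]
    _, tbs_value = der_children(cert_value)[0]          # tbsCertificate
    tbs_fields = der_children(tbs_value)
    # version [0] is optional; with it present the SPKI is the seventh field
    spki_index = 6 if tbs_fields[0][0] == TAG_VERSION else 5
    spki_tag, spki_value = tbs_fields[spki_index]
    return classify_spki(der_encode(spki_tag, spki_value))


def classify_pem_chain(pem_text):
    """Classify every CERTIFICATE block in a PEM chain, in file order."""
    verdicts, block = [], None
    for line in pem_text.splitlines():
        if line.strip() == "-----BEGIN CERTIFICATE-----":
            block = []
        elif line.strip() == "-----END CERTIFICATE-----":
            verdicts.append(classify_certificate(base64.b64decode("".join(block))))
            block = None
        elif block is not None:
            block.append(line.strip())
    return verdicts


def build_sample_certificate(parameters_der):
    """Constructed skeleton certificate: correct nesting, placeholder contents."""
    algorithm = der_encode(TAG_SEQUENCE, der_encode(TAG_OID, OID_EC_PUBLIC_KEY) + parameters_der)
    spki = der_encode(TAG_SEQUENCE, algorithm + der_encode(TAG_BIT_STRING, b"\x00\x04" + b"\x11" * 64))
    empty = der_encode(TAG_SEQUENCE, b"")              # stands in for signature/issuer/validity/subject
    tbs = der_encode(TAG_SEQUENCE,
                     der_encode(TAG_VERSION, der_encode(TAG_INTEGER, b"\x02"))
                     + der_encode(TAG_INTEGER, b"\x01") + empty * 4 + spki)
    return der_encode(TAG_SEQUENCE, tbs + empty + der_encode(TAG_BIT_STRING, b"\x00"))


# Constructed samples: a named-curve key and a key whose parameters are an
# explicit ECParameters SEQUENCE (stubbed to just its version field).
NAMED_CURVE_CERT = build_sample_certificate(der_encode(TAG_OID, OID_PRIME256V1))
EXPLICIT_PARAMS_CERT = build_sample_certificate(
    der_encode(TAG_SEQUENCE, der_encode(TAG_INTEGER, b"\x01")))


def to_pem(cert_der):
    """Wrap a DER certificate as a PEM CERTIFICATE block."""
    body = base64.b64encode(cert_der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path) as handle:
            for index, verdict in enumerate(classify_pem_chain(handle.read())):
                print(f"{path}[{index}]: {verdict}")
```

Run it against a served chain (`./check.py chain.pem`) and treat any `explicit_params` verdict as grounds to reject the chain; a named-curve verdict alone does not prove the chain is trustworthy, it only rules out this particular spoofing shape.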
File snapshot

```
[4.0K] /data/pocs/b7274a40054e224cb7487615121beb841474c014
├── [ 12K] badecparams.py
├── [4.3K] comodoecccertificationauthority-ev-comodoca-com-chain.pem
├── [ 861] httpd.py
├── [1.4K] README.md
├── [180K] screenshot2.png
├── [448K] screenshot3.png
├── [316K] screenshot.png
└── [4.0K] www
    └── [ 205] index.html

1 directory, 8 files
```
Cached for you by the Shenlong bot
Notes
    1. Prefer accessing the PoC through the original source.
    2. If the source is gone or unreachable, email f.jinxu#gmail.com (replace # with @) to request the local snapshot.
    3. Shenlong has snapshotted the POC code for you; to support long-term maintenance, please consider paying for or donating towards the local POC. Thank you for your support.