BTC $65266.0064
ETH $3170.2759
BNB $579.9567
SOL $151.5810
stETH $3170.3792
XRP $0.5307
DOGE $0.1622
TON $6.2152
ADA $0.5047
AVAX $37.5087
wstETH $3690.1011
WBTC $65350.8728
DOT $7.1858
WETH $3168.2550
TRX $0.1112
BCH $512.3933
LINK $14.9136
MATIC $0.7262
ICP $15.2978
UNI $7.8248
LTC $85.1449
DAI $1.0008
RNDR $9.1190
CAKE $2.9399
IMX $2.1935
STX $2.8650
ETC $27.9082
FDUSD $0.9998
MNT $1.2003
NEAR $6.3271
FIL $6.6129
OKB $55.7832
HBAR $0.0909
TAO $475.1056
VET $0.0423
WIF $3.0785
ATOM $8.6865
MKR $3070.6157
KAS $0.1185
FET $2.4759
GRT $0.2860
INJ $29.1371
PEPE $0.0000
USDE $0.9998
XLM $0.1150
THETA $2.2569
XMR $121.6010
BTC $65266.0064
ETH $3170.2759
BNB $579.9567
SOL $151.5810
stETH $3170.3792
XRP $0.5307
DOGE $0.1622
TON $6.2152
ADA $0.5047
AVAX $37.5087
wstETH $3690.1011
WBTC $65350.8728
DOT $7.1858
WETH $3168.2550
TRX $0.1112
BCH $512.3933
LINK $14.9136
MATIC $0.7262
ICP $15.2978
UNI $7.8248
LTC $85.1449
DAI $1.0008
RNDR $9.1190
CAKE $2.9399
IMX $2.1935
STX $2.8650
ETC $27.9082
FDUSD $0.9998
MNT $1.2003
NEAR $6.3271
FIL $6.6129
OKB $55.7832
HBAR $0.0909
TAO $475.1056
VET $0.0423
WIF $3.0785
ATOM $8.6865
MKR $3070.6157
KAS $0.1185
FET $2.4759
GRT $0.2860
INJ $29.1371
PEPE $0.0000
USDE $0.9998
XLM $0.1150
THETA $2.2569
XMR $121.6010
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • An exploit has been created that allows hackers to forge a certificate and take over a legitimate site


    Akamai researchers have developed an experimental exploit (PoC) for a public x.509 certificate forgery vulnerability in Windows CryptoAPI that was exposed last year.

    Microsoft silently fixed bug CVE-2022-34689 in August 2022, but did not publicly disclose it until October. Researchers at Akamai this week published a PoC exploit that allows an attacker to forge a target certificate and masquerade as any site. In this case, the affected browser will display a green padlock icon indicating a secure connection, even if the connection is completely controlled by the hacker.

    CryptoAPI is a Windows Application Programming Interface that developers use to provide cryptography in their applications. One of the roles of CryptoAPI is the authentication of digital certificates. And it is in this function that there is a vulnerability, as the researchers said.

    To verify the authenticity of a certificate, CryptoAPI first checks to see if it already exists in the receiving application's certificate cache. If so, CryptoAPI treats the received certificate as verified. Prior to fixing the vulnerability, CryptoAPI checked for the existence of a certificate in the cache by simply comparing fingerprints of MD5 hashes. If the MD5 thumbprint of the received certificate matched the MD5 thumbprint of the certificate in the cache, CryptoAPI considered the received certificate to be verified, even if the actual content of the two certificates did not exactly match. This opens the door for cyber attacks to inject an attacker's certificate.

    Akamai experts first created 2 certificates - one with a legitimate signature and the other with a malicious one - and tweaked them so that they both had the same MD5 fingerprint. They then spoofed a real CryptoAPI certificate (in this case, an old version of Chrome - v48). After the application validated the certificate and stored it in the end certificate cache, Akamai showed how a cybercriminal could use a MiTM attack to pass a second malicious certificate to the same application and verify its authenticity.

    According to experts, once the MD5 fingerprint is calculated, the attack can be easily carried out. How the attacker performs the next two phases of the attack (serving two certificates) depends on the type of target application - in browsers, a simple connection reset after the first phase ends, the browser immediately tries to reconnect. At this point, the attack enters its second phase.

    Author DeepWeb
    Minnesota Medical Association urges regional authorities to decriminalize substances
    Iranian hackers use new backdoor to spy on Middle Eastern governments

    Comments 0

    Add comment