The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, a different vulnerability than CVE-2015-2077.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality of the data if they are not addressed.
| Link | Tags |
|---|---|
| http://www.us-cert.gov/cas/techalerts/TA15-051A.html | third party advisory, us government resource |
| http://blog.erratasec.com/2015/02/some-notes-on-superfish.html#.VOq6Yvn8Fp4 | |
| http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOq6Yfn8Fp4 | |
| http://www.securitytracker.com/id/1031779 | vdb entry |
| http://www.kb.cert.org/vuls/id/529496 | third party advisory, us government resource |
| https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339 | |
| https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/ | exploit |