CVE-2020-0601: theory and practice

On the 14th of January 2020, Microsoft fixed CVE-2020-0601, a high severity vulnerability affecting the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. Corresponding advisories were issued by NSA and CERT on the same day. On the next day it got a few nicknames such as Chain of Fools, or CurveBall. Some internal details were given by Thomas Ptacek and Kudelski Security. The latter one inspired us to look at this vulnerability from a more practical point of view.

Subscribe to RSS - cve-2020-0601