CVE-2020-0601 Vulnerabilities

First CVE in the year 2020 has been released to the public and one of them is CVE-2020-0601 which it refers to Windows CryptoAPI Vulnerabilities in Microsoft Windows.

Before we go deep into the vulnerabilities, I would like to explain what is CryptoApi for those who are not aware of it.

Introduction to Cryptographic

Cryptographic Application Programming Interface or also been called CryptoAPI is a program that provides a Windows User to develop a secure environment by using Cryptography.

Cryptographic have been supporting both public key and symmetric key but it cannot support persistent symmetric key. This is due to the encrypt and decrypt the authentication by using digital signatures.

Source: A short introduction to Cryptographic Providers

For those who want to enumerate CryptoAPI, the user can run the following command in the Windows Operating System:

certutil -key

The output that will appear when the command above execute will show the user all the certificate key that resides the machine.

Details on CVE-2020-0601

Now, we will go deep into the vulnerabilities on CryptoAPI which listed as CVE-2020-0601.

CVE-2020-0601 is a vulnerability that will be defined as a bug that will allow the attacker to spoof the machine which it is exists in Crypt32.dll where it will validate the certificates such as Elliptic Curve Cryptography (ECC).

An experienced attacker will try to exploit the vulnerabilities via code-signing certificate which they will be spoofing to ensure the exploit will executable. The machine will think that the file comes from trusted sources and even the user will have no way of identifying it if the file was malicious file.

If the exploit considers as a success penetrates the system, the attacker could conduct Man-In-The-Middle attacks where the attacker can decrypt any sensitive and private information from user connections that related to the affected software.

For now, Microsoft has not released any workaround and migration to the public yet.

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *