[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] GoAgent vulnerabilities: CA cert with known private key, TLS MITM

To: fulldisclosure@xxxxxxxxxxxx
Subject: Re: [FD] GoAgent vulnerabilities: CA cert with known private key, TLS MITM
From: Dave Howe <davehowe.pentesting@xxxxxxxxx>
Date: Fri, 06 Jun 2014 13:03:45 +0100

On 02/06/2014 21:13, David Fifield wrote:
> There is an HTML version of this document with screenshots at
> https://www.bamsoftware.com/sec/goagent-advisory.html.
>
>   * GoAgent installs a root CA certificate with a known private key
>       * Test page
>       * Mitigation
>       * How to remove the GoAgent certificate
Yeah, seen this in the past with a bunch of similar spoofing proxy
solutions. Webscarab for example.
Solution is usually the same - replace the key material with your own.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] GoAgent vulnerabilities: CA cert with known private key, TLS MITM
  - From: David Fifield

Prev by Date: [FD] Xornic Contact Us Form - Captcha Bypass / XSS
Next by Date: [FD] CVE-2014-3740 - SpiceWorks Cross-site scripting
Previous by thread: [FD] GoAgent vulnerabilities: CA cert with known private key, TLS MITM
Next by thread: [FD] CVE-2013-6876 s3dvt Root shell
Index(es):
- Date
- Thread