CurveBall Microsoft Windows CryptoAPI Spoofing Proof Of Concept

Proof of concept exploit for the Microsoft Windows CurveBall vulnerability where the signature of certificates using elliptic curve cryptography (ECC) is not correctly verified. ECC relies on different parameters. These parameters are standardized for many curves. However, Microsoft did not check all these parameters. The parameter G (the generator) was not checked, and the attacker can therefore supply his own generator, such that when Microsoft tries to validate the certificate against a trusted CA, it will only look for matching public keys, and then use then use the generator of the certificate.

MD5 | e2fb60e1e15f840f86c3c095bba4a104

Related Posts