Proof-of-concept released for Windows CryptoAPI vulnerability

Threat Level
Attack Report

Summary

CVE-2022-34689 is a critical vulnerability in Windows CryptoAPI that was publicly announced by Microsoft in October 2022. The vulnerability allows an attacker to masquerade as a legitimate entity by exploiting the assumption that the certificate cache index key, based on MD5, is collision-free.
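The flawed assumption described above, as an added example that is not taken from this advisory or from Windows code: a cache that treats a digest match as identity, next to one that uses the digest only to locate the entry and then compares the full contents. The class names, the sample byte strings and the 2-byte truncation of the key (used only so the demo can find a collision instantly) are assumptions made for illustration.

```python
import hashlib
from itertools import count

def index_key(cert):
    # Stand-in for the MD5-based cache index key. Truncated to 2 bytes ONLY so
    # this demo can find a collision instantly (assumption, not the real width).
    return hashlib.md5(cert).digest()[:2]

class TrustingCache:
    """Treats an index-key match as proof that the certificate is the cached one."""
    def __init__(self):
        self._verified = {}

    def remember_verified(self, cert):
        self._verified[index_key(cert)] = cert

    def is_already_verified(self, cert):
        return index_key(cert) in self._verified

class ComparingCache(TrustingCache):
    """Uses the key only to find the entry, then compares the full contents."""
    def is_already_verified(self, cert):
        return self._verified.get(index_key(cert)) == cert

def find_colliding_input(target):
    # Constructed inputs; the search is trivial only because index_key() is
    # truncated in this demo.
    wanted = index_key(target)
    for n in count():
        candidate = b"constructed-other-cert-%d" % n
        if index_key(candidate) == wanted:
            return candidate

def demo():
    legit = b"constructed-legitimate-cert"  # sample bytes, not a real certificate
    other = find_colliding_input(legit)
    weak, strict = TrustingCache(), ComparingCache()
    for cache in (weak, strict):
        cache.remember_verified(legit)
    # (accepted by the trusting cache, accepted by the comparing cache)
    return weak.is_already_verified(other), strict.is_already_verified(other)

if __name__ == "__main__":
    print(demo())
```

The comparing cache turns a key collision into an ordinary cache miss, so the colliding input still has to pass full verification.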