Proof-of-concept released for Windows CryptoAPI vulnerability
Proof-of-concept released for Windows CryptoAPI vulnerability
Threat Level
Attack Report
For a detailed threat advisory, download the pdf file here
Summary
CVE-2022-34689 is a critical vulnerability in Windows CryptoAPI that was publicly announced by Microsoft in October 2022. The vulnerability allows an attacker to masquerade as a legitimate entity by exploiting the assumption that the certificate cache index key, based on MD5, is collision-free.