Local_demo_results.png | Loading last commit info... | |
README.md | ||
Showcase CVE-2022-34689.mp4 | ||
evil_coll.cer | ||
mitm_script.py | ||
msft_coll.cer | ||
serve_website.py | ||
vulnerability_local_demo.cpp |
CVE-2022-34689 - CryptoAPI spoofing vulnerability
This is the git repository for our research into CVE-2022-34689.
For more information about the vulnerability and its exploitation check out our blog.
The repository contains code for two types of PoCs: one exploiting Chrome v48 and another focusing on the vulnerable MD5 check in crypt32.dll.
Chrome v48 exploit
This code demonstrates the exploit on Chrome v48 (one that loads a vulnerable crypt32.dll, of course). It consists of two Python scripts and eventually spoofs Microsoft's identity.
Run it as follows:
Usage: mitm_script.py [path_to_modified_cert] [optional: interface_name] [optional: listening_address]
Example: sudo python3 mitm_script.py msft_coll.cer eth0 localhost
Local demo
The local demo is a program that takes a certificate and returns the trust status of its chainContext
.
It can be used to demonstrate the vulnerable MD5 check in crypt32.dll.
To run this demo, compile the file vulnerability_local_demo.cpp
.
Run the executable, and when prompted, provide two certificates that md5-collide (we provide sample certificates in this repository).
The program will return the same trustStatus even though the first certificate is legitimate and the second isn't.
Result example: