CVE-2022-34689 – CryptoAPI spoofing vulnerability
This is the git repository for our research into CVE-2022-34689.
For more information about the vulnerability and its exploitation check out our blog.
The repository contains code for two types of PoCs: one exploiting Chrome v48 and another focusing on the vulnerable MD5 check in crypt32.dll.
Chrome v48 exploit
This code demonstrates the exploit on Chrome v48 (one that loads a vulnerable crypt32.dll, of course). It consists of two Python scripts and eventually spoofs Microsoft’s identity.
Run it as follows:
Usage: mitm_script.py [path_to_modified_cert] [optional: interface_name] [optional: listening_address]
Example: sudo python3 mitm_script.py msft_coll.cer eth0 localhost
Showcase.CVE-2022-34689.mp4
Local demo
The local demo is a program that takes a certificate and returns the trust status of its chainContext
. It can be used to demonstrate the vulnerable MD5 check in crypt32.dll.
To run this demo, compile the file vulnerability_local_demo.cpp
. Run the executable, and when prompted, provide two certificates that md5-collide (we provide sample certificates in this repository).
The program will return the same trustStatus even though the first certificate is legitimate and the second isn’t.
Result example: