CVE-2022-34689 – CryptoAPI spoofing vulnerability

Browser Security · 2 years ago (2023) · admin


This is the git repository for our research into CVE-2022-34689.

For more information about the vulnerability and its exploitation, check out our blog.

The repository contains code for two types of PoCs: one exploiting Chrome v48 and another focusing on the vulnerable MD5 check in crypt32.dll.

Chrome v48 exploit

This code demonstrates the exploit on Chrome v48 (one that loads a vulnerable crypt32.dll, of course). It consists of two Python scripts and eventually spoofs Microsoft’s identity.

Run it as follows:

Usage: mitm_script.py [path_to_modified_cert] [optional: interface_name] [optional: listening_address]
Example: sudo python3 mitm_script.py msft_coll.cer eth0 localhost
Showcase video: Showcase.CVE-2022-34689.mp4

Local demo

The local demo is a program that takes a certificate and returns the trust status of its chainContext. It can be used to demonstrate the vulnerable MD5 check in crypt32.dll.

To run this demo, compile the file vulnerability_local_demo.cpp. Run the executable, and when prompted, provide two certificates that MD5-collide (we provide sample certificates in this repository).

The program will return the same trustStatus even though the first certificate is legitimate and the second isn’t.
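To make that result concrete, here is an added Python model (not code from this repository) of a thumbprint-keyed certificate cache: keyed on MD5 it behaves like the vulnerable check described above, handing a colliding, untrusted certificate the trust status cached for the legitimate one; keyed on SHA-256 the two stay separate. The two blobs are the public Wang et al. MD5 collision pair standing in for the demo's DER certificates, and ChainCache, legit_only and demo are hypothetical names.

```python
import hashlib

# Two distinct 128-byte blobs with the same MD5 digest: the public Wang et al.
# (2004) collision pair, standing in for the two DER certificates the local
# demo feeds to crypt32.dll (public test data, not the repository's samples).
CERT_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70")
CERT_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70")


class ChainCache:
    """Hypothetical model of a certificate cache keyed by a thumbprint.
    Keyed on MD5 it reproduces the page's result: a colliding certificate
    is handed the legitimate one's cached trust status; SHA-256 keeps
    the two certificates as distinct entries."""

    def __init__(self, hash_name):
        self.hash_name = hash_name
        self._entries = {}

    def thumbprint(self, cert):
        # MD5 appears here only to demonstrate the flaw, not for security.
        return hashlib.new(self.hash_name, cert, usedforsecurity=False).digest()

    def trust_status(self, cert, verify):
        """Return the cached entry for this thumbprint, verifying on a miss."""
        key = self.thumbprint(cert)
        if key not in self._entries:
            self._entries[key] = {"trusted": verify(cert), "cert": cert}
        return self._entries[key]


def legit_only(cert):
    """Stand-in for real chain validation: only CERT_A is trusted."""
    return cert == CERT_A


def demo(hash_name):
    """Validate CERT_A then CERT_B via one cache -> (collide, a_ok, b_ok)."""
    cache = ChainCache(hash_name)
    a = cache.trust_status(CERT_A, legit_only)["trusted"]
    b = cache.trust_status(CERT_B, legit_only)["trusted"]
    return cache.thumbprint(CERT_A) == cache.thumbprint(CERT_B), a, b
```

Running demo("md5") returns (True, True, True): the untrusted CERT_B is reported trusted because it hits CERT_A's cache entry, while demo("sha256") returns (False, True, False).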

Result example: [screenshot of the program output omitted]

Copyright notice: posted by admin on January 28, 2023 at 9:16 AM.
Please credit when reposting: CVE-2022-34689 – CryptoAPI spoofing vulnerability | CTF导航
