CurveBall (security vulnerability)

From HandWiki
Short description: Web browser security vulnerability on Microsoft Windows 10

CurveBall (CVE-2020-0601) is a web browser security vulnerability and spoofing attack discovered and released by the NSA in 2020. The exploit targets Microsoft CryptoAPI, the program library that handles cryptographic functions for the Windows 10 operating system.[1][2] The vulnerability affects Microsoft Edge and Google Chrome.[3]

The name CurveBall was given to the attack by Tal Be'ery, a security researcher.[4]

References

  1. "Proof-of-concept exploits published for the Microsoft-NSA crypto bug". https://www.zdnet.com/article/proof-of-concept-exploits-published-for-the-microsoft-nsa-crypto-bug/. 
  2. "Microsoft, NSA confirm killer Windows 10 bug, but a patch is available". https://www.pcworld.com/article/3514172/microsoft-nsa-confirm-killer-windows-10-bug-but-a-patch-is-available.html. 
  3. "Bad Flaw in Windows 10 Also Affects Chrome Browser". https://www.pcmag.com/news/bad-flaw-in-windows-10-also-affects-chrome-browser. 
  4. Be'ery, Tal (2020-02-03). "CurveBall's Additional Twist: The Certificate Comparison Bug" (in en). https://medium.com/zengo/curveballs-additional-twist-the-certificate-comparison-bug-2698aea445b5. 





Retrieved from "https://handwiki.org/wiki/index.php?title=CurveBall_(security_vulnerability)&oldid=3378775"