Overview
Adtrustmedia PrivDog fails to validate SSL certificates, making systems broadly vulnerable to HTTPS spoofing.
Description
Adtrustmedia PrivDog is a Windows application that advertises "... safer, faster and more private web browsing." Privdog installs a Man-in-the-Middle (MITM) proxy as well as a new trusted root CA certificate. The MITM capabilities are provided by NetFilterSDK.com. Although the root CA certificate is generated at install time, resulting in a different certificate for each installation, Privdog does not use the SSL certificate validation capabilities that the NetFilter SDK provides. This means that web browsers will not display any warnings when a spoofed or MITM-proxied HTTPS website is visited. We have confirmed that PrivDog version 3.0.96.0 is affected. Adtrustmedia PrivDog is promoted by the Comodo Group, which is an organization that offers SSL certificates and authentication solutions. |
Impact
An attacker can spoof HTTPS sites and intercept HTTPS traffic without triggering browser certificate warnings in affected systems. |
Solution
Apply an update |
Uninstall PrivDog |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 8.5 | AV:N/AC:L/Au:N/C:C/I:P/A:N |
| Temporal | 8.1 | E:H/RL:W/RC:C |
| Environmental | 8.0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
- https://blog.hboeck.de/archives/865-Software-Privdog-worse-than-Superfish.html
- https://blog.hboeck.de/archives/866-PrivDog-wants-to-protect-your-privacy-by-sending-data-home-in-clear-text.html
- http://netfiltersdk.com/help/ProtocolFilters/FT_SSL.htm
- http://www.privdog.com/advisory.html
- http://www.privdog.com/
- https://help.comodo.com/topic-72-1-451-6840-.html
- https://help.comodo.com/topic-120-1-279-6108-.html
- https://filippo.io/Badfish/
- https://www.eff.org/deeplinks/2015/02/dear-software-vendors-please-stop-trying-intercept-your-customers-encrypted
Acknowledgements
This vulnerability was publicly reported by Hanno Bཬk.
This document was written by Will Dormann.
Other Information
| CVE IDs: | None |
| Date Public: | 2015-02-22 |
| Date First Published: | 2015-02-23 |
| Date Last Updated: | 2015-02-26 14:15 UTC |
| Document Revision: | 71 |