AdTrustMedia Affected

Updated:  February 23, 2015

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Addendum

We have confirmed that PrivDog 3.0.96.0 is affected. Note that the above advisory has several inaccuracies. "The issue potentially affects a very limited number of websites." This is incorrect, as the impact of disabling SSL validation means that every website visited on a vulnerable system is affected. "In some circumstances self-signed certificates do not trigger a browser warning but encryption is still provided to the end user, hence security via encryption remains intact." While encryption may still be present between the client system and the web server, encryption is only one aspect of SSL or TLS. Authentication capabilities are completely disabled when PrivDog is installed. "The potential issue is only present if a user visits a site that actually has a self-signed certificate." This is incorrect, as any legitimate site that is visited can fall victim to a MITM attack.

COMODO Security Solutions, Inc. Not Affected

Notified:  February 23, 2015 Updated: February 26, 2015

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

COMODO products never distributed the mentioned edition(Desktop version of PrivDog, which has a totally different architecture). In security industry, the term "adware" is a type of malicious code which displays unwanted ads. Ad supported apps such as MSN Messenger or Skype or PrivDog are not classified as adware because 1 - The users consent is received 2 - It can be disabled or the product can be uninstalled We are an antivirus company and like other vendors, follow such methodologies while classifying it.

NetFilterSDK.com Unknown

Updated:  February 23, 2015

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Addendum

NetFilter SDK has SSL certificate validation capabilities, however the demonstration application that comes with the SDK doesn't use those capabilities.