ByteOS Network

NVD Vulnerability Details :

CVE-2015-2077

Deferred

Source-cve@mitre.org

Published At-24 Feb, 2015 | 23:59

Updated At-12 Apr, 2025 | 10:46

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, uses the same X.509 certificate private key for a root CA certificate across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging knowledge of this key, as originally reported for Superfish VisualDiscovery on certain Lenovo Notebook laptop products.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

komodia>>redirector_sdk>>-

cpe:2.3:a:komodia:redirector_sdk:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

CWE ID: CWE-200

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOq6Yfn8Fp4	cve@mitre.org	Exploit
http://blog.erratasec.com/2015/02/some-notes-on-superfish.html#.VOq6Yvn8Fp4	cve@mitre.org	N/A
http://marcrogers.org/2015/02/19/lenovo-installs-adware-on-customer-laptops-and-compromises-all-ssl/	cve@mitre.org	N/A
http://news.lenovo.com/article_display.cfm?article_id=1929	cve@mitre.org	N/A
http://support.lenovo.com/us/en/product_security/superfish	cve@mitre.org	N/A
http://www.kb.cert.org/vuls/id/529496	cve@mitre.org	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/72693	cve@mitre.org	N/A
http://www.securitytracker.com/id/1031779	cve@mitre.org	N/A
http://www.theguardian.com/technology/2015/feb/19/lenovo-accused-compromising-user-security-installing-adware-pcs-superfish	cve@mitre.org	N/A
http://www.us-cert.gov/cas/techalerts/TA15-051A.html	cve@mitre.org	Third Party Advisory US Government Resource
http://www.wired.com/2015/02/lenovo-superfish/	cve@mitre.org	N/A
https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/	cve@mitre.org	Exploit
https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339	cve@mitre.org	N/A
http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOq6Yfn8Fp4	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://blog.erratasec.com/2015/02/some-notes-on-superfish.html#.VOq6Yvn8Fp4	af854a3a-2127-422b-91ae-364da2661108	N/A
http://marcrogers.org/2015/02/19/lenovo-installs-adware-on-customer-laptops-and-compromises-all-ssl/	af854a3a-2127-422b-91ae-364da2661108	N/A
http://news.lenovo.com/article_display.cfm?article_id=1929	af854a3a-2127-422b-91ae-364da2661108	N/A
http://support.lenovo.com/us/en/product_security/superfish	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.kb.cert.org/vuls/id/529496	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/72693	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id/1031779	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.theguardian.com/technology/2015/feb/19/lenovo-accused-compromising-user-security-installing-adware-pcs-superfish	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.us-cert.gov/cas/techalerts/TA15-051A.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory US Government Resource
http://www.wired.com/2015/02/lenovo-superfish/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/	af854a3a-2127-422b-91ae-364da2661108	Exploit
https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339	af854a3a-2127-422b-91ae-364da2661108	N/A