Incident Response, TDR

Threat of the Month: Komodia libraries

What is it?

Komodia Redirector and SSL Digestor libraries provide a way for software to intercept HTTPS traffic. This is a feature commonly used by various security products. However, the Komodia libraries contain a flaw, allowing an attacker to spoof the identity of a web server or disclose and manipulate HTTPS traffic through man-in-the-middle attacks.

How does it work?

The Komodia libraries do not properly validate self-signed X.509 certificates. An attacker can insert alternative names into the certificate for the target domain to make the self-signed certificate appear valid and not display a warning in the browser.

Should I be worried?

Third-party libraries are used more and more to speed up the software development process and reduce cost. Unfortunately, software vendors rarely security audit libraries before using them. A number of privacy and parental control software has been confirmed to bundle the vulnerable library. Lenovo has even been shipping one of these products, Superfish, with certain laptops from October 2014 to December 2014.

How can I prevent it?

Lenovo stopped preinstalling Superfish in January 2015. Some affected products have removed the feature or issued fixes. Apply fixes if available or delete the offending program as well as the installed root CA certificate.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.