CurveBall/NSA disclosure: Windows fails to validate ECC certificate parameters, enabling spoofing of code-signing certificates and HTTPS connections. Apply the January 2020 patches immediately. NSA publicly disclosed this, which indicates concern about active exploitation.
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. It is also known as CurveBall or Chain of Fools.
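A triage check to run alongside patching, as an added example that is not from the original page: it takes the DER SubjectPublicKeyInfo field of a certificate and reports whether an EC key names its curve by OID or carries explicitly specified curve parameters, which RFC 5480 does not permit in PKIX certificates and which therefore merit review. The function names (`read_tlv`, `ec_params_kind`, `der`, `sample_spki`) and the sample inputs are assumptions constructed for this illustration.

```python
# Added example, not from the original page; all sample inputs are constructed.
EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")    # OID 1.2.840.10045.2.1
PRIME256V1 = bytes.fromhex("2a8648ce3d030107")     # OID 1.2.840.10045.3.1.7

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element at offset off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, start = buf[off], buf[off + 1], off + 2
    if length & 0x80:                       # long form: low bits = count of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or start + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, start, start + length

def ec_params_kind(spki):
    """Return 'not-ec', 'named', 'explicit' or 'other' for an SPKI blob."""
    tag, start, _ = read_tlv(spki, 0)               # SubjectPublicKeyInfo
    tag2, start, alg_end = read_tlv(spki, start)    # AlgorithmIdentifier
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, oid_start, oid_end = read_tlv(spki, start) # algorithm OID
    if tag != 0x06 or spki[oid_start:oid_end] != EC_PUBLIC_KEY:
        return "not-ec"
    if oid_end >= alg_end:
        return "other"                              # parameters absent
    ptag, _, _ = read_tlv(spki, oid_end)
    # namedCurve is an OID (0x06); explicit ECParameters is a SEQUENCE (0x30).
    return {0x06: "named", 0x30: "explicit"}.get(ptag, "other")

def der(tag, content):
    """Minimal DER encoder used only to build the constructed samples."""
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def sample_spki(alg_oid, params):
    """Constructed SPKI with a zero-filled placeholder key (not a real key)."""
    alg = der(0x30, der(0x06, alg_oid) + params)
    return der(0x30, alg + der(0x03, b"\x00\x04" + bytes(64)))

NAMED = sample_spki(EC_PUBLIC_KEY, der(0x06, PRIME256V1))
# Placeholder body: only the outer SEQUENCE tag matters to the classifier.
EXPLICIT = sample_spki(EC_PUBLIC_KEY, der(0x30, der(0x02, b"\x01") + bytes(200)))
```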