Search
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Comment: Microsoft Windows CryptoAPI fails to properly validate certificates that use ECC

January 2020 by Ambuj Kumar, CEO of Fortanix

Yesterday it was announced that the Microsoft Windows CryptoAPI fails to properly validate certificates that use Elliptic Curve Cryptography (ECC), which may allow an attacker to spoof the validity of certificate chains.

Following the announcement of this vulnerability, Ambuj Kumar, CEO of Fortanix, has shared his insight:

“Elliptic curves have had a bad reputation. Microsoft’s disclosure today that "CryptoAPI fails to properly validate certificates that use Elliptic Curve Cryptography (ECC), which may allow an attacker to spoof the validity of certificate chains" and not providing a root cause leaves many questions unanswered. It’ll certainly not help with all the previous history of trustworthiness of ECC.”




See previous articles

    

See next articles