CurveBall

CurveBall (CVE-2020-0601) is a web browser security vulnerability and spoofing attack discovered and released by the NSA in 2020. The exploit targets Microsoft CryptoAPI, the program library that handles cryptographic functions for the Windows 10 operating system.[1][2] The vulnerability affects Microsoft Edge and Google Chrome.[3]

The name CurveBall was given to the attack by Tal Be'ery, a security researcher.[4]

References
  1. "Proof-of-concept exploits published for the Microsoft-NSA crypto bug". ZDNet.
  2. "Microsoft, NSA confirm killer Windows 10 bug, but a patch is available".
  3. "Bad Flaw in Windows 10 Also Affects Chrome Browser".
  4. Be'ery, Tal (2020-02-03). "CurveBall's Additional Twist: The Certificate Comparison Bug". ZenGo. Retrieved 2023-01-25.


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.