Full Disclosure mailing list archives
Re: GoAgent vulnerabilities: CA cert with known private key, TLS MITM
From: Dave Howe <davehowe.pentesting () gmail com>
Date: Fri, 06 Jun 2014 13:03:45 +0100
On 02/06/2014 21:13, David Fifield wrote:
There is an HTML version of this document with screenshots at https://www.bamsoftware.com/sec/goagent-advisory.html. * GoAgent installs a root CA certificate with a known private key * Test page * Mitigation * How to remove the GoAgent certificate
Yeah, seen this in the past with a bunch of similar spoofing proxy solutions. Webscarab for example. Solution is usually the same - replace the key material with your own. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- GoAgent vulnerabilities: CA cert with known private key, TLS MITM David Fifield (Jun 03)
- Re: GoAgent vulnerabilities: CA cert with known private key, TLS MITM Dave Howe (Jun 08)