关键漏洞信息 Vulnerability ID: VU#529496 Release Date: 2015-02-19 Last Revised: 2015-03-17 Overview Description: Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys, exposing systems to HTTPS spoofing. Impact Summary: An attacker can spoof HTTPS sites and intercept HTTPS traffic without triggering browser certificate warnings on affected systems. Solutions Apply an update: Developers using Komodia libraries should update their applications. Uninstall software: Remove software and root CA certificates linked to the Komodia Redirector SDK. Vendor Information Affected Vendors: Atom Security, DyKnow, Infowese, KeepMyFamilySecure, Komodia, Kurupira, Lavasoft, Lenovo, Qustodio, Superfish CVSS Metrics Additional Links Extracting Superfish Certificate Komodia Ad Injection SDK Badfish Details Komodia Superfish SSL Validation Broken Lenovo Adware Alerts