Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-0601 PoC — Microsoft Windows CryptoAPI 信任管理问题漏洞

Source
https://github.com/0xxon/cve-2020-0601-utils
Associated Vulnerability
Title:Microsoft Windows CryptoAPI 信任管理问题漏洞 (CVE-2020-0601)
Description:A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Description
C++ based utility to check if certificates are trying to exploit CVE-2020-0601
File Snapshot

 [4.0K]  /data/pocs/b0ceacd4023d24c4b89ccbfce6b7e39109afea7d
├── [3.8K]  certificates
├── [3.0K]  certificates.hex
├── [3.1K]  checkCerts.cc
├── [3.1K]  checkCerts.hex.cc
├── [4.0K]  cppcodec
│   ├── [4.4K]  base32_crockford.hpp
│   ├── [1.3K]  base32_default_crockford.hpp
│   ├── [1.3K]  base32_default_hex.hpp
│   ├── [1.3K]  base32_default_rfc4648.hpp
│   ├── [3.1K]  base32_hex.hpp
│   ├── [3.1K]  base32_rfc4648.hpp
│   ├── [1.3K]  base64_default_rfc4648.hpp
│   ├── [1.3K]  base64_default_url.hpp
│   ├── [1.3K]  base64_default_url_unpadded.hpp
│   ├── [3.2K]  base64_rfc4648.hpp
│   ├── [3.4K]  base64_url.hpp
│   ├── [1.7K]  base64_url_unpadded.hpp
│   ├── [4.0K]  data
│   │   ├── [6.3K]  access.hpp
│   │   └── [2.3K]  raw_result_buffer.hpp
│   ├── [4.0K]  detail
│   │   ├── [6.2K]  base32.hpp
│   │   ├── [4.5K]  base64.hpp
│   │   ├── [ 12K]  codec.hpp
│   │   ├── [1.5K]  config.hpp
│   │   ├── [4.5K]  hex.hpp
│   │   └── [ 10K]  stream_codec.hpp
│   ├── [1.3K]  hex_default_lower.hpp
│   ├── [1.3K]  hex_default_upper.hpp
│   ├── [1.9K]  hex_lower.hpp
│   ├── [1.9K]  hex_upper.hpp
│   ├── [1.1K]  LICENSE
│   ├── [3.2K]  parse_error.hpp
│   └── [ 145]  README
├── [4.0K]  examples
│   ├── [1.9K]  bad.chain.b64
│   ├── [2.0K]  bad.chain.pem
│   ├── [ 756]  bad.root.b64
│   └── [ 822]  bad.root.pem
├── [4.0K]  fast-hex
│   ├── [8.6K]  hex.cc
│   ├── [1.2K]  hex.h
│   └── [1.0K]  LICENSE
├── [7.9K]  LICENSE
├── [ 579]  Makefile
├── [133K]  openssl_curves.c
└── [4.0K]  tools
    └── [ 219]  pem2b64.sh

6 directories, 42 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →