CVE-2015-2077

Name of the Vulnerable Software and Affected Versions Komodia Redirector with SSL Digestor (affected versions not specified) Lavasoft Ad-Aware Web Companion version 1.1.885.1766 Lavasoft Ad-Aware AdBlocker (alpha) version 1.3.69.1 Qustodio for Windows (affected versions not specified) Atom Security, Inc. StaffCop version 5.8

Description The issue concerns the use of the same X.509 certificate private key for a root CA certificate across different customers' installations of the Komodia Redirector with SSL Digestor SDK. This makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging knowledge of this key.

Recommendations For Lavasoft Ad-Aware Web Companion version 1.1.885.1766, consider removing or disabling the affected SDK until a patch is available. For Lavasoft Ad-Aware AdBlocker (alpha) version 1.3.69.1, restrict the use of the SSL Digestor functionality to minimize the risk of exploitation. For Qustodio for Windows, temporarily disable the Komodia Redirector with SSL Digestor until a fixed version is released. For Atom Security, Inc. StaffCop version 5.8, avoid using the affected root CA certificate and consider generating a new, unique certificate for each installation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.