curveball cryptoapi spoofing vulnerability
Security Research

CurveBall - CryptoAPI Spoofing Vulnerability [CVE-2020-0601]

This paper aims to explain the CVE-2020-0601, referred to as CurveBall, which is a web browser security vulnerability in which the signature of certificates is not correctly verified. The exploit targets Microsoft CryptoAPI, the program library that handles cryptographic functions for the Windows 10 operating system. The vulnerability affects the following famous browsers: Internet Explorer, Microsoft Edge, and Google Chrome.

Key Pointers:
  • Understanding the spoofing vulnerability while validating the Elliptic Curve Cryptography (ECC) certificates
  • Taking a look at the severity of the vulnerability
  • Understanding the attack scenario and setting up the lab for exploitation.
  • Exploiting the vulnerability and learning how to mitigate it
Get the Research Paper
Thank You for your interest in Safe Security!
Your request content is now available!
Invalid Inputs!

Brands that
trust our competence

Explore more
molina logo
icici logo
british telecom logo
munichre logo
newscorp logo
kfc logo