Google Project Zero researcher Tavis Ormandy has discovered two serious certificate-related issues in Kaspersky Lab’s anti-malware products. The flaws were addressed by the security firm in late December.
The first vulnerability, rated “critical” by Ormandy, is related to how Kaspersky Antivirus inspects SSL/TLS connections. According to the expert, Kaspersky uses a Windows Filtering Platform driver to intercept outgoing HTTPS connections.
The company proxies SSL connections by adding its own certificate as a trusted authority to the system store and replacing all leaf (end-entity) certificates on the fly. This results in certificates appearing as if they have been issued by “Kaspersky Anti-Virus Personal Root Certificate” on systems running Kaspersky Antivirus.
“Kaspersky cache recently generated certificates in memory in case the user agent initiates another connection. In order to do this, Kaspersky fetches the certificate chain and then checks if it’s already generated a matching leaf certificate in the cache. If it has, it just grabs the existing certificate and private key and then reuses it for the new connection,” Ormandy explained in an advisory.
“The cache is a binary tree, and as new leaf certificates and keys are generated, they’re inserted using the first 32 bits of MD5(serialNumber||issuer) as the key. If a match is found for a key, they just pull the previously generated certificate and key out of the binary tree and start using it to relay data to the user-agent,” the expert added.
The problem, according to the researcher, was that the 32-bit key was not enough to prevent a man-in-the-middle (MitM) attacker from creating collisions. The expert said an attacker could have intercepted all traffic to a certain domain (e.g. mail.google.com) by sending the targeted Kaspersky Antivirus user two certificates with the same key.
A search of certificate transparency logs revealed, for instance, that the certificate used by Hacker News (news.ycombinator.com) had the same serialNumber/issuer hash as the certificate for the website of Manchester, Connecticut (manchesterct.gov).
“So if you use Kaspersky Antivirus in Manchester, Connecticut and were wondering why Hacker News didn’t work sometimes, it’s because of a critical vulnerability that has effectively disabled SSL certificate validation for all 400 million Kaspersky users,” the expert said.
The second vulnerability found by Ormandy, rated “high severity,” involves improper protection of the private key for the local CA root. The problem was that the security firm stored the private key in the ProgramData folder and used an ACCESS_MASK blacklist instead of a file system access control list (ACL) to protect it.
“This is trivial to exploit, any unprivileged user can now become a CA,” Ormandy said in an advisory describing the issue.
The flaws were reported to Kaspersky on October 31 and November 11 and they were addressed on December 28.
This was not the first time Ormandy discovered vulnerabilities in Kaspersky products. Since September 2015, the Google researcher reported identifying 17 security holes in Antivirus and other applications.