CurveBall - CryptoAPI Spoofing Vulnerability [CVE-2020-0601]

This paper explains CVE-2020-0601, referred to as CurveBall, a web browser security vulnerability in which certificate signatures are not correctly verified. The exploit targets Microsoft CryptoAPI, the program library that handles cryptographic functions for the Windows 10 operating system. The vulnerability affects the following well-known browsers: Internet Explorer, Microsoft Edge, and Google Chrome.

Key Pointers:
  • Understanding the spoofing vulnerability in the validation of Elliptic Curve Cryptography (ECC) certificates
  • Taking a look at the severity of the vulnerability
  • Understanding the attack scenario and setting up the lab for exploitation
  • Exploiting the vulnerability and learning how to mitigate it
