An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)


The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601, a vulnerability discovered by the United States’ National Security Agency (NSA) that affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows that make up part of the CryptoAPI system. Dubbed CurveBall or “Chain of Fools,” an attacker exploiting this vulnerability could potentially create their own cryptographic certificates that appear to originate from a legitimate certificate that is fully trusted by Windows by default.

Within a couple days of the disclosure, public Proof of Concepts (PoCs) began surfacing. Along with this came several explanations regarding the Elliptic Curve Cryptography (ECC) concepts involved with the vulnerability.

Read more…
Source: trend Micro