Websecure Ltd Information for VU#529496

Komodia Redirector with SSL Digestor fails to properly validate SSL and installs non-unique root CA certificates and private keys

Status

Affected

Vendor Statement

Yesterday we released an update update to our software (Easy-Hide-IP VPN 3.0.2) that includes an updated version of Komodia WITHOUT the SSL component. The SSL component was used in Easy-Hide-IP Classic 5.0.0.3 to filter prvacy risks but is no longer included in the latest version application. Existing Easy-Hide-IP users are now being migrated to the combined VPN/Classic client and the old client is being retired.

The Komodia team have assured us that this version is 100% clear of any SSL modification.

Please let us know if you have any questions or comments.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

Easy Hide IP Classic version 5.0.0.3.1 is affected.

If you have feedback, comments, or additional information about this vulnerability, please send us email.