Websecure Ltd Information for VU#529496
Komodia Redirector with SSL Digestor fails to properly validate SSL and installs non-unique root CA certificates and private keys
- Vendor Information Help Date Notified: 20 Feb 2015
- Statement Date: 25 Feb 2015
- Date Updated: 26 Feb 2015
Yesterday we released an update update to our software (Easy-Hide-IP VPN 3.0.2) that includes an updated version of Komodia WITHOUT the SSL component. The SSL component was used in Easy-Hide-IP Classic 220.127.116.11 to filter prvacy risks but is no longer included in the latest version application. Existing Easy-Hide-IP users are now being migrated to the combined VPN/Classic client and the old client is being retired.
The Komodia team have assured us that this version is 100% clear of any SSL modification.
Please let us know if you have any questions or comments.
We are not aware of further vendor information regarding this vulnerability.
Easy Hide IP Classic version 18.104.22.168.1 is affected.
If you have feedback, comments, or additional information about this vulnerability, please send us email.