Websecure Ltd Information for VU#529496
Komodia Redirector with SSL Digestor fails to properly validate SSL and installs non-unique root CA certificates and private keys
Yesterday we released an update update to our software (Easy-Hide-IP VPN 3.0.2) that includes an updated version of Komodia WITHOUT the SSL component. The SSL component was used in Easy-Hide-IP Classic 126.96.36.199 to filter prvacy risks but is no longer included in the latest version application. Existing Easy-Hide-IP users are now being migrated to the combined VPN/Classic client and the old client is being retired.
The Komodia team have assured us that this version is 100% clear of any SSL modification.
Please let us know if you have any questions or comments.
We are not aware of further vendor information regarding this vulnerability.
Easy Hide IP Classic version 188.8.131.52.1 is affected.
If you have feedback, comments, or additional information about this vulnerability, please send us email.