cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
daveharvey
Level 2

CVE-2020-0601 - Windows CryptoAPI Spoofing Vulnerability

Hi all,

 

The NSA and Microsoft recently flagged a vulnerability:

CVE-2020-0601 - Windows CryptoAPI Spoofing Vulnerability

 

The details are posted on the MIST NVD (National Vulnerability Database):

https://nvd.nist.gov/vuln/detail/CVE-2020-0601

It states:

“A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates”

 

Does this affect the Flexera FlexNet Publisher Product that we are using to handle our product licencing?

We currently have verson 11.12.0.0

 

Thanks for your assistance.

0 Kudos
(1) Reply
bkelly
Flexera Alumni

Yes, it is save to assume that any tool, including FNP, will be affected and so it is strongly recommended that you install the Microsoft update to Windows that mitigates this vulnerability. 

0 Kudos