daveharvey
Wanderer

CVE-2020-0601 - Windows CryptoAPI Spoofing Vulnerability

Hi all,

 

The NSA and Microsoft recently flagged a vulnerability:

CVE-2020-0601 - Windows CryptoAPI Spoofing Vulnerability

 

The details are posted on the MIST NVD (National Vulnerability Database):

https://nvd.nist.gov/vuln/detail/CVE-2020-0601

It states:

“A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates”

 

Does this affect the Flexera FlexNet Publisher Product that we are using to handle our product licencing?

We currently have verson 11.12.0.0

 

Thanks for your assistance.

0 Kudos
1 Reply
bkelly
Moderator Moderator
Moderator

Re: CVE-2020-0601 - Windows CryptoAPI Spoofing Vulnerability

Yes, it is save to assume that any tool, including FNP, will be affected and so it is strongly recommended that you install the Microsoft update to Windows that mitigates this vulnerability. 

0 Kudos