This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
daveharvey
Level 2
‎Jan 24, 2020 05:24 AM

CVE-2020-0601 - Windows CryptoAPI Spoofing Vulnerability

Hi all,

 

The NSA and Microsoft recently flagged a vulnerability:

CVE-2020-0601 - Windows CryptoAPI Spoofing Vulnerability

 

The details are posted on the MIST NVD (National Vulnerability Database):

https://nvd.nist.gov/vuln/detail/CVE-2020-0601

It states:

“A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates”

 

Does this affect the Flexera FlexNet Publisher Product that we are using to handle our product licencing?

We currently have verson 11.12.0.0

 

Thanks for your assistance.

0 Kudos

(1) Reply
bkelly
Flexera Alumni
‎Jan 29, 2020 11:43 PM

Yes, it is save to assume that any tool, including FNP, will be affected and so it is strongly recommended that you install the Microsoft update to Windows that mitigates this vulnerability. 

0 Kudos