Dell eDellRoot Certificate Spoofing Vulnerability
Last Update Date: 7 Dec 2015
Release Date: 25 Nov 2015
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
A vulnerability was identified in Dell Foundation Services on Dell systems. The software installs the eDellRoot certificate, together with its private key, on Microsoft Windows systems. With access to that private key, attackers can create trusted certificates and perform impersonation, man-in-the-middle (MiTM), and passive decryption attacks.
Impact
- Information Disclosure
- Spoofing
- Data Manipulation
System / Technologies affected
- Dell systems with Dell Foundation Services installed
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Revoke eDellRoot Certificate
Using the Windows certificate manager (certmgr.msc), move the eDellRoot certificate from the Trusted Root Certificate Store to Untrusted Certificates. Please follow these steps.
- Remove eDellRoot Certificate
Dell has issued guidance to remove the eDellRoot certificate in this blog post. It is important to remove both the eDellRoot certificate and the DFS component that re-installs the certificate. Please follow these steps.
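The revoke step above can also be scripted. The following PowerShell is an added example, not part of the advisory or Dell's guidance; it assumes an elevated prompt and that the certificate is identified by a subject containing CN=eDellRoot (matching is by name only, no thumbprint is checked).

```powershell
# Added example: move eDellRoot from Trusted Root to Untrusted Certificates.
# Assumption: the certificate is matched by subject name only (CN=eDellRoot).
# Run from an elevated PowerShell prompt.
$pattern = '*CN=eDellRoot*'
$x509    = 'System.Security.Cryptography.X509Certificates'

$root       = New-Object "$x509.X509Store" -ArgumentList 'Root', 'LocalMachine'
$disallowed = New-Object "$x509.X509Store" -ArgumentList 'Disallowed', 'LocalMachine'

try {
    $root.Open('ReadWrite')
    $disallowed.Open('ReadWrite')

    # Snapshot the matches first so removal does not disturb the enumeration.
    $hits = @($root.Certificates | Where-Object { $_.Subject -like $pattern })
    if ($hits.Count -eq 0) {
        Write-Output 'eDellRoot not found in LocalMachine\Root.'
    }

    foreach ($cert in $hits) {
        Write-Output ('Found {0} thumbprint={1} hasPrivateKey={2}' -f `
            $cert.Subject, $cert.Thumbprint, $cert.HasPrivateKey)

        # Copy only the public certificate into Untrusted Certificates
        # (the "Disallowed" store), leaving the private key out of the copy.
        $public = New-Object "$x509.X509Certificate2" -ArgumentList (,$cert.RawData)
        $disallowed.Add($public)

        # Then drop the original from the Trusted Root store.
        $root.Remove($cert)
    }

    # Verify the end state by re-reading both stores.
    $left    = @(Get-ChildItem Cert:\LocalMachine\Root |
                 Where-Object { $_.Subject -like $pattern })
    $blocked = @(Get-ChildItem Cert:\LocalMachine\Disallowed |
                 Where-Object { $_.Subject -like $pattern })
    Write-Output ('After: Root={0} Disallowed={1}' -f $left.Count, $blocked.Count)
}
finally {
    $root.Close()
    $disallowed.Close()
}
```

Run it again after a reboot: a non-zero Root count in the final line means the DFS component has re-installed the certificate and still needs to be removed.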
Vulnerability Identifier
- No CVE information is available
Source
Related Link
- http://www.kb.cert.org/vuls/id/870761
- http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate
- http://joenord.blogspot.in/2015/11/new-dell-computer-comes-with-edellroot.html
- https://blog.hboeck.de/archives/876-Superfish-2.0-Dangerous-Certificate-on-Dell-Laptops-breaks-encrypted-HTTPS-Connections.html