Sennheiser App Installs Root Certificates, Exposes Computers to Spoofing Attacks
#1
Quote:Sennheiser's HeadSetup and HeadSetup Pro applications added two Certification Authority (CA) certificates into the local system's Trusted Root CA store which exposed the users to spoofing attacks.

The attack resides in a handling error of the disclosed digital root certificates which can be used by remote attackers to issue their own certificates for server authentication and code signing.

Secorvo Security Consulting GmbH discovered the CVE-2018-17612 security issue caused by a critical implementation flaw which allows a potential attacker to obtain "the secret signing key of one of the clandestine planted root certificates."

After being informed about the security issue, Sennheiser started working on a patch for the HeadSetup software which should mitigate the bug, however, they haven't yet provided a fix.

Moreover, according to Secorvo, an updated version of HeadSetup which removes the disclosed root certificates will be released by Sennheiser at the end of November.

In order to allow HeadSetup users to protect themselves from this spoofing attack, Secorvo published a report with detailed information about the vulnerability, as well as a list of recommended mitigations.

The steps needed to mitigate the issue by end users are listed in Secorvo's vulnerability report in the "Risk Mitigation by Users" chapter which explains how to "remove the CA certificates added by the older and/or newer HeadSetup versions from the trusted root certificate store of their machine."

Source: https://news.softpedia.com/news/sennheis...pd_sidebar&utm_medium=spd_newspage&utm_campaign=spd_related
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AMD prepares Linux support for new Low P...
AMD Linux patch ad...harlan4096 — 07:16
Opera 149.0.7827.197
Dear Opera Users! ...harlan4096 — 07:14
Privazer 4.0.124.1 (28 June 2026)
v4.0.124.1 (28 Jun...harlan4096 — 07:13
GlassWire 3.9.1102 - (June 29, 2026)
Version 3.9.1102 -...harlan4096 — 07:12
AMD Radeon Software Adrenalin 26.6.4 dri...
AMD Radeon Software...harlan4096 — 07:10

[-]
Birthdays
Today's Birthdays
avatar (43)uapedDow
avatar (47)suiscced
avatar (48)Angarpaf
avatar (41)clarissalo60
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (41)optsaZes
avatar (40)RaymondViata
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>