Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cR0w</span></a></span> too many.</p><ul><li>Jist like there are way too many applications suceptible to the <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> of <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a>.</li></ul><p><a href="http://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">http://</span><span class="ellipsis">github.com/kkarhan/windows-ca-</span><span class="invisible">backdoor-fix</span></a></p><p>So far testing by <span class="h-card" translate="no"><a href="https://social.heise.de/@ct_Magazin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ct_Magazin</span></a></span> / <span class="h-card" translate="no"><a href="https://social.heise.de/@heiseonline" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>heiseonline</span></a></span> (and myseof later on) revealed only few <a href="https://infosec.space/tags/Apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apps</span></a> not vulnerable to this specifics <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a>:</p><ul><li><a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> (uses <span class="h-card" translate="no"><a href="https://mastodon.cc/@Mozilla" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mozilla</span></a></span> / <span class="h-card" translate="no"><a href="https://mastodon.social/@mozilla_support" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mozilla_support</span></a></span> / <a href="https://infosec.space/tags/Mozilla" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mozilla</span></a> <a href="https://infosec.space/tags/NSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSS</span></a> & has it's own <a href="https://infosec.space/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> certificate storage)</li><li><span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thunderbird</span></a></span> (Mozilla NSS)</li><li><span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBrowser</span></a> (Mozilla NSS; custom certificates)</li><li><a href="https://infosec.space/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> (uses <span class="h-card" translate="no"><a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bagder</span></a></span> <a href="https://infosec.space/tags/WolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WolfSSL</span></a> and manages it's own certs)</li></ul><p>Anything else that uses the CryptoAPI is, espechally *all <a href="https://infosec.space/tags/Chromium" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chromium</span></a>-Forks (aka. All Browsers except Firefox, Tor Browser, <a href="https://infosec.space/tags/dillo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dillo</span></a>, <a href="https://infosec.space/tags/LynxBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LynxBrowser</span></a>…)</p>