Proof-of-concept released for Windows CryptoAPI vulnerability

Threat Level – Red | Vulnerability Report
Download PDF

CVE-2022-34689 is a critical vulnerability in Windows CryptoAPI that was publicly announced by Microsoft in October 2022. The vulnerability allows an attacker to masquerade as a legitimate entity by exploiting the assumption that the certificate cache index key, based on MD5, is collision-free.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox