SSL Certificate Verification Flaw in Kingsoft KDrive Personal
CVE-2013-5999

Currently unrated

Key Information:

Vendor: Kingsoft
Status: Kdrive
Vendor: CVE Published:; 22 November 2013

What is CVE-2013-5999?

Kingsoft KDrive Personal before version 1.21.0.1880 for Windows is susceptible to a vulnerability that compromises SSL certificate verification. This flaw enables a man-in-the-middle attacker to exploit crafted X.509 certificates, allowing them to impersonate legitimate servers. Consequently, sensitive information may be intercepted by attackers, compromising user data security.

References

http://faq.kdrive.jp/2013/11/19/pcappupdate.html

x_refsource_CONFIRM

http://jvn.jp/en/jp/JVN97810280/index.html

third-party-advisoryx_refsource_JVN

http://jvndb.jvn.jp/jvndb/JVNDB-2013-000108

third-party-advisoryx_refsource_JVNDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2013
Vulnerability Reserved
Oct 3, 2013