This is a migrated thread and some comments may be shown as answers.

Fiddler vulnerable to CVE-2020-0601 (CurveBall) Vulnerability

1 Answer 117 Views
Fiddler Classic
This is a migrated thread and some comments may be shown as answers.
T
Top achievements
Rank 1
Veteran
T asked on 09 Jun 2020, 07:56 AM

You can test it here yourself: https://www.ssllabs.com/ssltest/viewMyClient.html
Just enable fiddler and allow the certificates... see the image below for details.

This makes automatically ignoring cert errors highly dangerous.

https://www.forbes.com/sites/daveywinder/2020/01/17/windows-10-security-alert-as-alarming-curveball-threat-just-got-very-real-indeed/#64b3292230d8

Please add an automatically revoke bad certs when errors pop up, its really annoying having to knock them out one by one, should be an automated process with such a streamlined program designed for maximum efficiency and productivity.

1 Answer, 1 is accepted

Sort by
0
Nick Iliev
Telerik team
answered on 10 Jun 2020, 05:59 AM

Hello T C,

 

Thank you for your feedback. While testing with the latest Chrome browser and Fiddler capturing I am not able to reproduce the issue and there is no vulnerability on my side.

Your user agent is not vulnerable.
For more information about the CVE-2020-0601 (CurveBall) Vulnerability, please go to CVE-2020-0601.
To test manually, click here. Your user agent is not vulnerable if it fails to connect to the site.

Note that using the "Ignore server certificate errors" option from the settings is considered unsafe (and actually marked with unsafe) and when activating this option via the UI it becomes red to underline the danger of this action. Each certificate error should be handled by the developer and Fiddler is just providing an option to overcome a temporary issues but the responsibility lies in the one who is actually testing the case.

Regards,
Nick Iliev
Progress Telerik

Progress is here for your business, like always. Read more about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
Our thoughts here at Progress are with those affected by the outbreak.
Tags
Fiddler Classic
Asked by
T
Top achievements
Rank 1
Veteran
Answers by
Nick Iliev
Telerik team
Share this question
or