Category:   Device (Embedded Server/Appliance)  >   Lenovo PC
Vendors:   IBM
Lenovo Notebook Pre-Installed Software Lets Remote Users Spoof SSL Servers and Decrypt SSL Sessions
SecurityTracker Alert ID:  1031779
SecurityTracker URL:  http://securitytracker.com/id/1031779
CVE Reference:   CVE-2015-2077, CVE-2015-2078
Updated:  Feb 25 2015
Original Entry Date:  Feb 23 2015
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Modification of authentication information, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Lenovo Notebooks. A remote user can spoof SSL certificates and decrypt the target system's SSL traffic.

Lenovo Notebooks shipped between September 2014 and February 2015 include pre-installed software (i.e., Superfish VisualDiscovery and the Komodia Redirector and SSL Digestor libraries) with a trusted root certificate authority (CA) certificate for Superfish with a private key common to all affected Lenovo Notebooks. The private key is encrypted with the password "komodia".

A remote user with the ability to conduct a man-in-the-middle attack can issue certificates for arbitrary websites that will be accepted as valid by the target user's Lenovo Notebook, spoof the websites, and decrypt the target user's SSL traffic to/from those websites.

The following models may be affected:

G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70
S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14, Flex2 15, Flex 10
MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11, YOGA2-11
E Series: E10-30

The ThinkPad, ThinkCentre, Lenovo Desktop, ThinkStation, ThinkServer, and System x products are not affected.

Impact:   A remote user with the ability to conduct a man-in-the-middle attack can spoof SSL certificates and decrypt the target system's SSL traffic.
Solution:   The vendor has provided instructions to remove the vulnerable software.

Instructions for removing Superfish VisualDiscovery, including the Komodia Redirector and SSL Digestor libraries and the associated root CA certificate, are available at:

http://support.lenovo.com/us/en/product_security/superfish_uninstall

The vendor's advisory is available at:

http://support.lenovo.com/us/en/product_security/superfish
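
To confirm that removal took effect, the check below looks for a leftover Superfish trust anchor in the Windows root stores and for a VisualDiscovery install entry. It is an added example, not part of this advisory or the vendor's instructions; it assumes the certificate and the product can be recognized by the names "Superfish" and "VisualDiscovery" (the advisory gives no thumbprint), and it does not inspect application-specific certificate stores.

```powershell
# Added example: audit a Windows system for the Superfish root CA and software.
# Assumption: matching on the names "Superfish" / "VisualDiscovery" is sufficient;
# the advisory does not publish a certificate thumbprint to match on.
$certPattern = 'Superfish'
$appPattern  = 'Superfish|VisualDiscovery'

# Machine-wide and per-user trusted root stores.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
          'Cert:\LocalMachine\AuthRoot', 'Cert:\CurrentUser\AuthRoot'

$certFindings = foreach ($store in $stores) {
    if (-not (Test-Path $store)) { continue }
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $certPattern -or $_.Issuer -match $certPattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
            }
        }
}

# Installed-program entries (64-bit, 32-bit and per-user uninstall keys).
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'

$appFindings = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $appPattern } |
    Select-Object DisplayName, DisplayVersion, Publisher

if ($certFindings) {
    Write-Warning 'A Superfish certificate is still trusted as a root CA:'
    $certFindings | Format-List
}
if ($appFindings) {
    Write-Warning 'Superfish software is still registered as installed:'
    $appFindings | Format-List
}
if (-not $certFindings -and -not $appFindings) {
    Write-Output 'No Superfish root certificate or install entry found.'
    exit 0
}
exit 1
```

Run it once as the affected user and once from an elevated prompt, since the per-user stores and registry hive differ between accounts.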

Vendor URL:  support.lenovo.com/us/en/product_security/superfish
Cause:   Authentication error

Message History:   None.

