HTTPS scanning in Kaspersky antivirus exposed users to MITM attacks
Security vendor Kaspersky Lab has updated its antivirus products to fix an issue that exposed users to traffic interception attacks.
The problem was found by Google vulnerability researcher Tavis Ormandy in the SSL/TLS traffic inspection feature that Kaspersky Anti-Virus uses to detect potential threats hidden inside encrypted connections.
Like other endpoint security products, Kaspersky Anti-Virus installs a self-signed root CA certificate on computers and uses it to issue “leaf,” or interception, certificates for all HTTPS-enabled websites accessed by users. This allows the product to decrypt and then re-encrypt connections between local browsers and remote servers.
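The issuance described above, as an added example that is not from the article or from Kaspersky: a constructed root CA signs a leaf for a hostname, and a check confirms which root a presented leaf actually chains to. The CA names, hostname and function names are assumptions, and the script needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example with constructed names; no real product's keys or certificates.
set -eu

# Create a self-signed root CA in directory $1 with common name $2.
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
}

# Issue a leaf certificate for hostname $2, signed by the root in directory $1.
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

# Print the issuer name of certificate file $1.
issuer_of() {
  openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//'
}

# Succeed only if certificate $2 carries a valid signature from root $1.
issued_by() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
mkdir "$work/av" "$work/other"
make_root "$work/av" "Demo Interception Root"   # stands in for the product's root
make_root "$work/other" "Unrelated Root"        # stands in for any other CA
issue_leaf "$work/av" "www.example.com"

echo "leaf issuer: $(issuer_of "$work/av/leaf.pem")"
if issued_by "$work/av/root.pem" "$work/av/leaf.pem"; then
  echo "leaf chains to the local interception root"
fi
if ! issued_by "$work/other/root.pem" "$work/av/leaf.pem"; then
  echo "leaf does not chain to the unrelated root"
fi
```

The issuer name alone is only a label; `issued_by` checks the signature, which is what a browser trusting the installed root relies on.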