A
ascii
Guest
GoSign is a desktop client used across Italian public administrations and enterprises for qualified electronic signatures, produced by Tinexta InfoCert, one of Europe’s major eIDAS-regulated trust service providers. Researchers found that versions ≤ 2.4.0 disable TLS certificate verification when a proxy is configured and use an unsigned update manifest. Combined, these flaws allow man-in-the-middle attacks and delivery of malicious updates leading to remote code execution.
Comments URL: https://news.ycombinator.com/item?id=45964835
Points: 73
# Comments: 21
Comments URL: https://news.ycombinator.com/item?id=45964835
Points: 73
# Comments: 21