Add a BERserk test

Open FiloSottile opened this issue 8 years ago • 2 comments

BERserk was a vulnerability in signature verification in NSS.

You can generate a certificate to exploit it with https://github.com/FiloSottile/BERserk.

A compatible (e=3) root that was trusted by NSS at the time is here https://github.com/FiloSottile/Badfish/commit/f723695fa56edcf4c8000992e981ff0cd7bd59a3.

FiloSottile, Jul 17 '17 14:07

> You can generate a certificate to exploit it with https://github.com/FiloSottile/BERserk.

Is it possible to get a publicly trusted certificate that way?

lgarron, Jul 18 '17 15:07

Yes, by using it with the GoDaddy root I linked.

Of course it will only validate with a vulnerable version of NSS.

FiloSottile, Jul 18 '17 16:07