GoSign Desktop RCE flaws affecting users in Italy (ush.it)
GoSign is a desktop client used across Italian public administrations and enterprises for qualified electronic signatures, produced by Tinexta InfoCert, one of Europe’s major eIDAS-regulated trust service providers. Researchers found that versions ≤ 2.4.0 disable TLS certificate verification when a proxy is configured and use an unsigned update manifest. Combined, these flaws allow man-in-the-middle attacks and delivery of malicious updates leading to remote code execution.
8 comments
[ 2.9 ms ] story [ 31.1 ms ] thread