> The cache is a binary tree, and as new leaf certificates and keys are generated, they're inserted using the first 32 bits of MD5(serialNumber||issuer) as the key.
You know. That's not a mistake. That's what a consciously designed-in vulnerability to enable taking over the system looks like.
There is no room for Hanlon's razor here. This was malice, not stupidity.
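The 32-bit key from the quoted sentence, as an added example (Go code written here; not code from the post or from the product it discusses), together with the birthday-bound arithmetic that says how quickly a key space that small fills up. The 20-byte serial length, the issuer string and the sample sizes are constructed assumptions.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"math"
)

// cacheKey derives the key exactly as the quoted text describes it:
// the first 32 bits (4 bytes) of MD5(serialNumber || issuer).
func cacheKey(serial []byte, issuer string) uint32 {
	input := append(append([]byte{}, serial...), []byte(issuer)...)
	sum := md5.Sum(input)
	return binary.BigEndian.Uint32(sum[:4])
}

// collisionProbability is the birthday bound for n uniformly distributed
// 32-bit keys: P(at least one pair coincides) ~= 1 - exp(-n(n-1) / (2 * 2^32)).
func collisionProbability(n float64) float64 {
	return 1 - math.Exp(-n*(n-1)/(2*math.Pow(2, 32)))
}

// countCollisions inserts n constructed random 20-byte serials (a common
// serial length for public CAs) under one fixed issuer and counts how many
// land on a key that is already occupied in the cache.
func countCollisions(n int, issuer string) (int, error) {
	seen := make(map[uint32]struct{}, n)
	collisions := 0
	for i := 0; i < n; i++ {
		serial := make([]byte, 20)
		if _, err := rand.Read(serial); err != nil {
			return 0, err
		}
		k := cacheKey(serial, issuer)
		if _, dup := seen[k]; dup {
			collisions++
		} else {
			seen[k] = struct{}{}
		}
	}
	return collisions, nil
}

func main() {
	// Constructed issuer string; the real product's issuer DN is not on the page.
	issuer := "CN=Example Interception Root (constructed)"
	for _, n := range []float64{1000, 65536, 100000} {
		fmt.Printf("%8.0f cached certs -> P(collision) = %.4f\n", n, collisionProbability(n))
	}
	c, err := countCollisions(200000, issuer)
	if err != nil {
		panic(err)
	}
	fmt.Println("observed collisions in a 200000-entry cache:", c)
}
```

The point a reviewer takes from this: a 32-bit lookup key reaches a 50% chance of an accidental collision at roughly 77,000 entries, which is a handful of days of browsing, so the cache can return the wrong entry without any attacker involved.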
I'm not saying this is the case, but given the current climate, it's hard to say it isn't.
So, no, it's easy to say that it isn't.
Time and time again we see these ridiculous vulnerabilities but nothing changes. AV insists on massively increasing system attack surface under the guise of security.
Pre-bundled and even purchased AV is so dramatically deleterious to PC performance that MS should kill it as a public service. It gives the entire ecosystem a bad reputation and nowadays is completely unnecessary.
The firewall/software generates a root certificate so that it can sign and serve 'fake' leaf (site) certificates on the fly. Because the root certificate is self-signed, however, most browsers/whatever won't automatically trust it, which is why the user/admin has to add the root certificate to each affected machine's browser or OS certificate trust store.
