Re: GoAgent vulnerabilities: CA cert with known private key, TLS MITM

Posted by David Fifield on Nov 01

It appears that this problem is now fixed. The software now generates a
CA certificate with an unpredictable private key when run for the first
time. The fix is in the released version 3.2.1.

https://github.com/goagent/goagent/compare/0e2eb37c098b2a5653aac24a6256f0d262d2be47…77c8e7f131f9eb7d857cded9c0bc2f662e80b78a

I’ve updated the advisory page.

David Fifield

Leave a Reply