Quote:Sennheiser's HeadSetup and HeadSetup Pro applications added two Certification Authority (CA) certificates into the local system's Trusted Root CA store which exposed the users to spoofing attacks.

The attack resides in a handling error of the disclosed digital root certificates which can be used by remote attackers to issue their own certificates for server authentication and code signing.

Secorvo Security Consulting GmbH discovered the CVE-2018-17612 security issue caused by a critical implementation flaw which allows a potential attacker to obtain "the secret signing key of one of the clandestine planted root certificates."

After being informed about the security issue, Sennheiser started working on a patch for the HeadSetup software which should mitigate the bug, however, they haven't yet provided a fix.

Moreover, according to Secorvo, an updated version of HeadSetup which removes the disclosed root certificates will be released by Sennheiser at the end of November.

In order to allow HeadSetup users to protect themselves from this spoofing attack, Secorvo published a report with detailed information about the vulnerability, as well as a list of recommended mitigations.

The steps needed to mitigate the issue by end users are listed in Secorvo's vulnerability report in the "Risk Mitigation by Users" chapter which explains how to "remove the CA certificates added by the older and/or newer HeadSetup versions from the trusted root certificate store of their machine."