CVE-2020-0601 ("Curveball") Test Page

This page will test if you are vulnerable to CVE-2020-0601, the Windows CryptoAPI vulnerability. You may be vulnerable if you are using Windows 10, Windows Server 2016 or 2019. Firefox will not be vulnerable. It does not use the Windows CryptoAPI. Chrome may show up as not vulnerable due to certificate transparency issues.

For more details, see Bojan's post about this page.

You Are Vulnerable

You Are Not Vulnerable

We also have a simple, improperly signed, Windows executable you can download here: SANSISC_signed_fake.zip (password: curveball). Note that up to date Windows Defender, even without the January patch, will recognized this as malcious. Other anti-malware may as well. (Thx Didier for creating the sample executable and to Bojan for creating the certificates).