Notified: March 27, 2015

Statement Date: May 05, 2015

Status

Affected

Vendor Statement

ContentWatch was recently alerted to a potential security vulnerability related to Net Nanny's implementation of SSL/HTTPS content filtering. Although there have been no known exploits, ContentWatch took immediate action to resolve these issues in the Net Nanny product.



Two issues were identified. The first was that Net Nanny was using the same root Certificate Authority (CA) and Private Key (PK) across all installations of the product. The second was that Net Nanny was storing the Private Key in memory in a way that it could be captured and potentially exploited by a malicious program or process. A detailed description of the issues can be found at http://www.kb.cert.org/vuls/id/260780.



ContentWatch takes security very seriously and has resolved these issues with the release of Net Nanny for Windows v7.2.5.1. Specifically, the following technical changes were made to the SSL filtering implementation:



The SSL filtering setup process now generates a unique root CA/PK for each installation of Net Nanny.



Implemented more secure method calls for dealing with secure data in memory. This mitigates the risk of potential capture of the Private Key from memory. The Private Key is now encrypted using strong RSA encryption and is stored in the local database, which is also encrypted.



These changes are included in Net Nanny for Windows v7.2.5.1. Existing installations of Net Nanny for Windows can receive this new version via the update mechanism in the product. Those wishing to download this version immediately can do so here: http://www.netnanny.com/downloads/



If you have any questions or concerns, please contact us at support@contentwatch.com.



Vendor Information

We are not aware of further vendor information regarding this vulnerability.