Tonec Internet Download Manager 6.42.41.1
Local test environment: Windows 10
This vulnerability allows attackers to bypass update protections, force the installation of outdated, vulnerable versions, and potentially exploit known flaws in them. This weakens software integrity and the overall security posture.
SSL certificate not validated vulnerability
During an update, Tonec Internet Download Manager actively initiates the following requests to the specified server:
[POST] https://www.internetdownloadmanager.com/data/update641.txt?v=642b41&w=10.0&bl=19045&br=18
b'lng=9'
[POST] https://www.internetdownloadmanager.com/data/fv/idmupdt2.exe?v=642b41
b'lng=9'
These network requests fetch files (configuration or update information over HTTPS). The problem is that the file acquisition process lacks security verification: the authenticity of the source is not checked, and the server's certificate is not validated. IDM does, however, locally verify the installer's signature.
Attackers can therefore inject an outdated installer into clients via DNS hijacking, man-in-the-middle attacks, and similar techniques. Further analysis revealed that the downloaded software could be used by an attacker to trigger a downgrade attack.
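The two client-side defects described above (no certificate validation, and acceptance of any validly signed installer regardless of version) are easiest to see side by side. The following Python is an added example written for this advisory; it is not IDM's code and does not describe how IDM is implemented. It assumes a dotted numeric version string such as the "6.42.41.1" named above, uses the update URL and POST body quoted in the advisory, and the function names, the optional cafile parameter and the zero-padding of shorter version tuples are assumptions of this example.

```python
"""
Added example, not IDM's code: the weak TLS client pattern the advisory
describes next to a hardened update fetch, plus a downgrade check on the
version offered by the update server.
"""
import ssl
import urllib.request
from typing import Optional, Tuple

# Update URL and POST body as quoted in the advisory.
UPDATE_URL = ("https://www.internetdownloadmanager.com/data/update641.txt"
              "?v=642b41&w=10.0&bl=19045&br=18")
UPDATE_BODY = b"lng=9"


def weak_context() -> ssl.SSLContext:
    """The vulnerable pattern: no chain validation and no host name check.
    Any server reached via a hosts-file entry or DNS hijack, presenting any
    certificate, is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Hardened form: validate the chain against trusted roots (or a
    pinned CA bundle passed as cafile, an assumption of this example) and
    require the certificate to match the requested host name."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Audit helper: a context is only acceptable for update traffic when
    both chain validation and host name checking are on."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def parse_version(s: str) -> Tuple[int, ...]:
    """Parse a dotted version string such as '6.42.41.1' into a tuple."""
    return tuple(int(part) for part in s.strip().split("."))


def is_downgrade(offered: str, installed: str) -> bool:
    """True when the offered version is older than the installed one.
    Shorter tuples are zero-padded, so '6.42.41' < '6.42.41.1'.
    A signature check alone does not catch this: an old installer is
    still validly signed."""
    a, b = parse_version(offered), parse_version(installed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def fetch_update_manifest(url: str = UPDATE_URL,
                          ctx: Optional[ssl.SSLContext] = None,
                          timeout: float = 10.0) -> bytes:
    """POST the update request with a verified TLS context. Refuses to run
    with a context that skips validation. Needs network access."""
    ctx = ctx or hardened_context()
    if not context_is_safe(ctx):
        raise ValueError("refusing update fetch without certificate validation")
    req = urllib.request.Request(url, data=UPDATE_BODY, method="POST")
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    print("weak context safe?     ", context_is_safe(weak_context()))
    print("hardened context safe? ", context_is_safe(hardened_context()))
    print("6.41.0.0 vs 6.42.41.1 downgrade?", is_downgrade("6.41.0.0", "6.42.41.1"))
```

The version check is the part that addresses the downgrade finding: even with TLS fixed, an update client should reject any installer whose version is lower than the one already installed, because the installer's signature proves origin, not freshness.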
Two hosts or virtual machines are required: one acting as the user and one acting as the fake server.
To keep things simple, the user's hosts file is tampered with directly so that the relevant domain name resolves to the IP address of the fake server:
192.168.146.1 www.internetdownloadmanager.com
At the same time, the corresponding service is started on the fake server.
✅ Step 1: Prepare the certificate
You will need two files: