Multiple Vulnerabilities in GoSign Desktop leads to Remote Code Execution Name TLS Verification Bypass and Insecure Update in GoSign Desktop Systems Affected GoSign Desktop <= 2.4.0 Severity High 8.2/10 Impact CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H Vendor https://www.infocert.it/ Advisory https://www.ush.it/team/ush/hack-gosign-desktop_240/gosign-desktop-exec.txt Authors Pasquale "sid" Fiorillo (sid AT ush DOT it) Francesco "ascii" Ongaro (ascii AT ush DOT it) Marco Lunardi Date 20251003 I. BACKGROUND GoSign is an advanced and qualified electronic signature solution developed by Tinexta InfoCert S.p.A., used by public administrations, businesses, and professionals to manage approval workflows with traceability and security. The SaaS/web version of the product has received the "QC2" qualification from the Italian National Cybersecurity Agency (ACN). The QC2 qualification certifies a service's ability to securely handle critical data, including data processed by public administrations. Under ACN's regulation effective from August 1, 2024, cloud service providers for public entities must meet strict security and resilience requirements. This qualification enables public administrations to adopt certified solutions for safeguarding sensitive data and ensuring continuity of essential services. GoSign Desktop, subject of this advisory, is the on-premise version released for Microsoft Windows, Linux Ubuntu, and Apple macOS. II. DESCRIPTION We have identified a critical vulnerability in the GoSign Desktop software, developed by Tinexta InfoCert. The platform is widely used for signing, verifying, and managing electronic documents. In 2021 alone, it was used by 1.6 million people to perform over 830 million signing transactions, confirming its central role in the Italian and European digital ecosystem. GoSign Desktop disables TLS certificate validation (`SSL_VERIFY_NONE`) in the `libdgsapi.so` and `libcurl.so` modules when configured to use a proxy server, removing any assurance regarding server identity during encrypted communications. This compromises the security of TLS connections and opens the door to Man-in-the-Middle (MitM) attacks. Additionally, the update mechanism relies on an unsigned manifest, meaning security depends entirely on the TLS layer. We verified three attack scenarios that severely impact the security of GoSign Desktop users: Malicious software installation (Critical): A network attacker can deceive the client into installing fake updates, taking control of the machine with the privileges of the user running GoSign Desktop (Windows, macOS) or with administrative privileges (Linux). Credential theft (High): Access information (tokens, temporary passwords) can be intercepted because the application does not verify the server's identity. Privilege escalation (High): A local attacker with the same privileges as the GoSign Desktop user can enable proxy settings and inject a malicious update to gain full control of the system (Linux). III. ANALYSIS 1) TLS verification bypass The `GoSignDesktop` process, through `libdgsapi.so` and `libcurl.so`, disables TLS certificate verification by invoking `SSL_CTX_set_verify(mode=SSL_VERIFY_NONE)` when configured to use a proxy server. This setting completely disables certificate validation during the TLS handshake, effectively nullifying the authenticity and confidentiality guarantees of the TLS channel. As a result, a remote attacker can perform Man-in-the-Middle (MitM) attacks to intercept and manipulate traffic. Neither the authenticity of the InfoCert server nor the proxy server is verified. The vulnerability was confirmed in methods related to update checks (`UpdateManager::get_manifest`, `UpdateManager::check_and_download`) and OAuth renewal and authentication operations (`ISACBinder::refresh` and `UpdateManager::getIdentity`). However, it is plausible that any request originating from `libdgsapi.so` is affected by the same certificate validation issue. Tested and vulnerable versions due to lack of TLS certificate validation: - GoSign Desktop 2.4.0 (standard) Windows - GoSign Desktop 2.4.0 (standard) Linux The vendor confirms that the macOS version is also affected: - GoSign Desktop 2.4.0 (standard) macOS 1.1) Insecure Update The GoSign Desktop update mechanism relies on an unsigned manifest containing the package URL and its SHA-256 hash. A MitM attacker can provide a malicious manifest with a matching hash, tricking the client into downloading and installing a tampered package, resulting in remote code execution. Effectively, the update manifest's authentication is entirely delegated to the TLS layer, which is not validated-thus rendering all authenticity guarantees ineffective. This architecture is conceptually flawed: since the manifest is not digitally signed, it protects at most against accidental integrity issues (e.g., corrupted files) but offers no defense against active attacks. Without valid TLS and manifest signing, an attacker can replace both the package and its hash, fully bypassing the security mechanism. Instead of adopting established solutions for secure software distribution, a custom mechanism was implemented that reintroduces well-known, extensively documented risks. This design choice was avoidable given the availability of reliable, industry-standard approaches that would have ensured update integrity and authenticity. 1.2) Verified Security Impacts We have confirmed three concrete attack scenarios that severely compromise the security of GoSign Desktop: - OAuth Secrets Information Disclosure - Remote Code Execution - Privilege Escalation It is likely that additional attack vectors exist but have not yet been identified. Given the severity of the confirmed impacts, we immediately alerted the relevant authorities (ACN/CSIRT Italia) to ensure responsible and timely incident handling. 1.3) CVSS 3.1 CVSS Base Score: 8.2 CVSS Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 1.4) CWE Mappings CWE-295: Improper Certificate Validation - use of SSL_VERIFY_NONE / disabled TLS verification CWE-347: Improper Verification of Cryptographic Signature - absence of signature validation on manifests/metadata CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - OAuth secrets exposed over an unverified channel 2) Attack scenarios 2.1) MitM In a typical Man-in-the-Middle (MitM) attack scenario, an attacker positioned to intercept network traffic can respond to TLS requests initiated by GoSign Desktop by presenting a self-signed certificate. Since GoSign Desktop disables certificate validation when configured to use a proxy, the client establishes the connection without verifying the server's identity. The attacker can thus intercept and read sensitive requests and responses-specifically, OAuth calls may disclose secrets such as client_secret, JWT tokens, or refresh tokens. Simultaneously, the attacker can respond to update requests by providing a tampered manifest that points to a compromised package and includes the SHA-256 hash of the malicious payload. Because the client has neither TLS verification enabled nor a digital signature on the manifest, it downloads the update and executes the attacker's code with administrative (root) privileges if running on Linux, or with the privileges of the user running GoSign on Windows or macOS. 2.2) Privilege Escalation A second exploitation vector involves the preliminary compromise of the unprivileged user account running GoSign Desktop. A local attacker can independently modify the HTTP-PROXY settings in the configuration file ~/.gosign/dike.conf, causing the client to download a malicious update and thereby escalate privileges to root. Proof of Concept Video: https://www.ush.it/team/ush/hack-gosign-desktop_240/gosigndesktop_mitm_poc.mp4 Proof of Concept Exploit: https://www.ush.it/team/ush/hack-gosign-desktop_240/ IV. WORKAROUND Fix in GoSign Desktop 2.4.1 In version 2.4.1 of GoSign Desktop, released on 2025-11-04, a fix was introduced to verify the digital signature of the update manifest. However, the lack of TLS certificate validation when the application is configured to use a proxy remains unaddressed. - Information Disclosure of OAuth secrets - NOT FIXED - Remote Code Execution - FIXED - Privilege Escalation - FIXED VI. VENDOR RESPONSE Handling of Responsible Disclosure by Vendor Tinexta InfoCert Following the initial contact, the vendor was provided with all technical details of the vulnerability, the Proof of Concept (PoC), and mitigation suggestions-both via encrypted email and during a Teams call requested by the vendor and held on 2025-10-16 at 15:00. Present at the call were the InfoCert security officer and the product manager for GoSign Desktop. During the call, the vendor confirmed the vulnerability and agreed that October 31, 2025, was a reasonable deadline for releasing a fix. After this call, the vendor ceased all communication, failed to provide any further updates, and did not respond to subsequent contact attempts. On 2025-11-04, the fix was released publicly without any announcement from the vendor and without honoring the request to include a changelog acknowledgment. ACN/CSIRT Italia was notified about the vendor's improper handling of responsible disclosure best practices. VII. CVE INFORMATION Mitre is unresponsive. VIII. DISCLOSURE TIMELINE 2025-10-03: Vulnerability discovered 2025-10-04: Proof of Concept developed 2025-10-04: Initial contact attempt to InfoCert S.p.A. 2025-10-04: Concurrent notification sent to ACN/CSIRT Italia 2025-10-04: Response from ACN/CSIRT Italia acknowledging receipt and awaiting further developments 2025-10-07: Response from InfoCert Cyber Security Operation 2025-10-07: Technical details and evidence shared with the vendor 2025-10-09: InfoCert acknowledges the report and states the issue is under investigation 2025-10-16: Technical call with InfoCert; vulnerability confirmed; over 1 million users affected. Full technical details and remediation suggestions shared during the call 2025-10-26: Follow-up request for update sent to vendor; no response received 2025-11-04: Version 2.4.1 released; no communication or changelog from the vendor 2025-11-08: Further request for explanation and update sent to the vendor; no response 2025-11-14: Report submitted to ACN/CSIRT Italia regarding vendor's mishandling of disclosure process 2025-11-14: Advisory published IX. TECHNICAL DETAILS Collected evidence indicates that the disabling of TLS certificate verification is not an isolated anomaly: the `SSL_VERIFY_NONE` behavior is systematically applied during the initialization of TLS connections by GoSign Desktop when the proxy setting is enabled. To demonstrate this, a dynamic runtime instrumentation approach was used, intercepting OpenSSL APIs responsible for certificate verification configuration. The findings confirm that the application's default behavior sets the `SSL_VERIFY_NONE` flag and that certificate checks are explicitly disabled. In its current configuration, GoSign effectively functions as a backdoor installed on a vast number of systems used by major public administrations, ministries, and Italian enterprises. To observe this behavior at runtime, a hook library (LD_PRELOAD) was developed to intercept calls to `SSL_CTX_set_verify()` and `SSL_set_verify()` functions exported by the cryptographic libraries. --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- /* gcc -shared -fPIC -o log_ssl_verify.so log_ssl_verify.c -ldl -rdynamic */ #define _GNU_SOURCE #include #include #include #include #include typedef void (*ssl_ctx_set_verify_t)(void*, int, void*); typedef void (*ssl_set_verify_t)(void*, int); static ssl_ctx_set_verify_t real_SSL_CTX_set_verify = NULL; static ssl_set_verify_t real_SSL_set_verify = NULL; static void dump_backtrace(FILE *f) { void *buffer[50]; int nptrs = backtrace(buffer, 50); char **strings = backtrace_symbols(buffer, nptrs); if (strings != NULL) { for (int i = 0; i < nptrs; ++i) { fprintf(f, " %s\n", strings[i]); } free(strings); } else { fprintf(f, " \n"); } } void SSL_CTX_set_verify(void *ctx, int mode, void *cb) { if (!real_SSL_CTX_set_verify) { real_SSL_CTX_set_verify = (ssl_ctx_set_verify_t)dlsym(RTLD_NEXT, "SSL_CTX_set_verify"); } FILE *f = fopen("/tmp/gosign_ssl_verify.log", "a"); if (f) { fprintf(f, "PID %d: SSL_CTX_set_verify called with mode=%d\n", getpid(), mode); dump_backtrace(f); fclose(f); } if (real_SSL_CTX_set_verify) real_SSL_CTX_set_verify(ctx, mode, cb); } void SSL_set_verify(void *ssl, int mode) { if (!real_SSL_set_verify) { real_SSL_set_verify = (ssl_set_verify_t)dlsym(RTLD_NEXT, "SSL_set_verify"); } FILE *f = fopen("/tmp/gosign_ssl_verify.log", "a"); if (f) { fprintf(f, "PID %d: SSL_set_verify called with mode=%d\n", getpid(), mode); dump_backtrace(f); fclose(f); } if (real_SSL_set_verify) real_SSL_set_verify(ssl, mode); } --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- Process launch and log capture in `gosign_ssl_verify.log`: --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- export LD_PRELOAD=./log_ssl_verify.so /usr/lib/gosigndesktop/GoSignDesktop & disown --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- Startup log: --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- $ export LD_PRELOAD=./log_ssl_verify.so $ /usr/lib/gosigndesktop/GoSignDesktop & disown [1] 282062 $ Profile verified! Using @ffi-napi 2025-10-03 21:21:22.977 [info] info LoggerElectron initialized 2025-10-03 21:21:22.978 [info] Current log level: { verbose: false, defaultLogLevel: 'info' } 2025-10-03 21:21:23.191 [info] (main) homeDir is '/home/sid/.gosign' Creating certificate store: {"filename":"/home/sid/.gosign/certificates.db","autoload":true} Creating option store: {"filename":"/home/sid/.gosign/options.db","autoload":true} ~ Analytics ~ currentCustomization standard Native module: @ice/dike-core-linux x64 2025-10-03 21:21:23.200 [info] (DikeClients) Loading profile from: /usr/lib/gosigndesktop/resources/app/current-customization/profile.jwt 2025-10-03 21:21:23.200 [info] (DikeClients) Homepath for core library is '/home/sid/.gosign' HOME_PATH: /home/sid/.gosign 2025-10-03 21:21:23.201 [warn] (DikeClients) LIBRARY PATH __dirname IS STILL BROKEN, PLEASE CHECK ISSUE ON GITHUB!!! https://github.com/electron/electron/issues/8206 2025-10-03 21:21:23.201 [info] (DikeClients) ======================= PRODUCTION ENV ======================= Native module: @ice/dike-core-linux x64 Profile verified! 2025:10:03 21:21:23 (0xfd27cd80)[INFO][dgs] (prepare_tempdir): Removing session dir /home/sid/.gosign/sessiondir_7cb271e1 Scheduler -> getMessages Registering channel get-version Registering channel jobs-channel Registering channel add-jobs-channel Registering channel test-pin Registering channel set-configuration Registering channel get-session-params Registering channel device-list Registering channel change-pin Registering channel unlock-pin Registering channel unlock-ce-pin [..] --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- Contents of `gosign_ssl_verify.log` showing evidence of `SSL_CTX_set_verify(mode=0)` and the corresponding backtrace: --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- PID 282062: SSL_CTX_set_verify called with mode=0 ./log_ssl_verify.so(+0x1272) [0x796e00465272] ./log_ssl_verify.so(SSL_CTX_set_verify+0x9b) [0x796e004653e2] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x734f4) [0x796dfcabb4f4] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x7419f) [0x796dfcabc19f] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x74b09) [0x796dfcabcb09] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x1a8ef) [0x796dfca628ef] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x14ca5) [0x796dfca5cca5] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x189bf) [0x796dfca609bf] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x483e9) [0x796dfca903e9] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(curl_multi_perform+0xea) [0x796dfca9195a] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(curl_easy_perform+0x14b) [0x796dfca6c7eb] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs14NetworkRequest7executeEv+0x54e) [0x796df3d8dc9e] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs10ISACBinder7refreshERNS_12IdentityDataE+0x450) [0x796df3d733e0] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs10ISACBinder11getIdentityERNS_12IdentityDataEb+0x55d) [0x796df3d7ab5d] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(dgs_oauth_get_identity+0x1b7) [0x796df3c2efc7] /lib/x86_64-linux-gnu/libffi.so.8(+0x7b16) [0x796dfe7efb16] /lib/x86_64-linux-gnu/libffi.so.8(+0x43ef) [0x796dfe7ec3ef] /lib/x86_64-linux-gnu/libffi.so.8(ffi_call+0x12e) [0x796dfe7ef0be] /usr/lib/gosigndesktop/resources/app/node_modules/ffi-napi/build/Release/ffi_bindings.node(_ZN3FFI3FFI12AsyncFFICallEP9uv_work_s+0x23) [0x796dfcaef533] /usr/lib/gosigndesktop/GoSignDesktop(+0x18f14d4) [0x59e78df734d4] PID 282062: SSL_CTX_set_verify called with mode=0 ./log_ssl_verify.so(+0x1272) [0x796e00465272] ./log_ssl_verify.so(SSL_CTX_set_verify+0x9b) [0x796e004653e2] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x734f4) [0x796dfcabb4f4] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x7419f) [0x796dfcabc19f] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x74b09) [0x796dfcabcb09] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x1a8ef) [0x796dfca628ef] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x14ca5) [0x796dfca5cca5] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x189bf) [0x796dfca609bf] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x483e9) [0x796dfca903e9] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(curl_multi_perform+0xea) [0x796dfca9195a] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(curl_easy_perform+0x14b) [0x796dfca6c7eb] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs14NetworkRequest7executeEv+0x54e) [0x796df3d8dc9e] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs13UpdateManager12get_manifestERNS0_14UpdateManifestE+0x2bb) [0x796df3e2dc5b] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs13UpdateManager18check_and_downloadERNS_17UpdateManagerDataEb+0x178) [0x796df3e30bd8] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN5boost10statechart12simple_stateIN3dgs16WaitCheckRequestENS2_10UpdaterFSMENS_3mpl4listIN4mpl_2naES8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_EELNS0_12history_modeE0EE10react_implERKNS0_10event_baseEPKv+0x1e5) [0x796df3d0cb25] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs10UpdaterFSM18process_event_jsonE14DGS_FLOW_EVENTRKN8nlohmann10basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEblmdSaNS2_14adl_serializerES5_IhSaIhEEEE+0x43a) [0x796df3d0171a] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs7FlowFSM12processeventE14DGS_FLOW_EVENTRKN8nlohmann10basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEblmdSaNS2_14adl_serializerES5_IhSaIhEEEE+0x53) [0x796df3cccb73] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(dgs_flow_post_event+0xc5) [0x796df3c30085] /lib/x86_64-linux-gnu/libffi.so.8(+0x7b16) [0x796dfe7efb16] /lib/x86_64-linux-gnu/libffi.so.8(+0x43ef) [0x796dfe7ec3ef] /lib/x86_64-linux-gnu/libffi.so.8(ffi_call+0x12e) [0x796dfe7ef0be] /usr/lib/gosigndesktop/resources/app/node_modules/ffi-napi/build/Release/ffi_bindings.node(_ZN3FFI3FFI12AsyncFFICallEP9uv_work_s+0x23) [0x796dfcaef533] /usr/lib/gosigndesktop/GoSignDesktop(+0x18f14d4) [0x59e78df734d4] PID 282062: SSL_CTX_set_verify called with mode=0 ./log_ssl_verify.so(+0x1272) [0x796e00465272] ./log_ssl_verify.so(SSL_CTX_set_verify+0x9b) [0x796e004653e2] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x734f4) [0x796dfcabb4f4] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x7419f) [0x796dfcabc19f] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x74b09) [0x796dfcabcb09] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x1a8ef) [0x796dfca628ef] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x14ca5) [0x796dfca5cca5] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x189bf) [0x796dfca609bf] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x483e9) [0x796dfca903e9] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(curl_multi_perform+0xea) [0x796dfca9195a] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(curl_easy_perform+0x14b) [0x796dfca6c7eb] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcaCRLCache.so(+0x5873e) [0x796df2ae673e] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcaCRLCache.so(+0x59e85) [0x796df2ae7e85] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcaCRLCache.so(+0x2f884) [0x796df2abd884] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libdeSign.so(_Z9loadEUTSLv+0x26) [0x796df2098386] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs6Design13isTSLToUpdateE16DGS_COUNTRY_CODE+0x4a) [0x796df3c116fa] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs10TSLManager18check_TSLs_updatesEv+0xa7) [0x796df3e2bc07] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs4Core16tsl_checkupdatesERNS_7TSLDataE+0x2c) [0x796df3bb865c] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(dgs_tsl_checkupdates+0x87) [0x796df3c2f357] /lib/x86_64-linux-gnu/libffi.so.8(+0x7b16) [0x796dfe7efb16] /lib/x86_64-linux-gnu/libffi.so.8(+0x43ef) [0x796dfe7ec3ef] /lib/x86_64-linux-gnu/libffi.so.8(ffi_call+0x12e) [0x796dfe7ef0be] /usr/lib/gosigndesktop/resources/app/node_modules/ffi-napi/build/Release/ffi_bindings.node(_ZN3FFI3FFI12AsyncFFICallEP9uv_work_s+0x23) [0x796dfcaef533] /usr/lib/gosigndesktop/GoSignDesktop(+0x18f14d4) [0x59e78df734d4] PID 282062: SSL_CTX_set_verify called with mode=0 ./log_ssl_verify.so(+0x1272) [0x796e00465272] ./log_ssl_verify.so(SSL_CTX_set_verify+0x9b) [0x796e004653e2] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x734f4) [0x796dfcabb4f4] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x7419f) [0x796dfcabc19f] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x74b09) [0x796dfcabcb09] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x1a8ef) [0x796dfca628ef] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x14ca5) [0x796dfca5cca5] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x189bf) [0x796dfca609bf] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x483e9) [0x796dfca903e9] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(curl_multi_perform+0xea) [0x796dfca9195a] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(curl_easy_perform+0x14b) [0x796dfca6c7eb] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcaCRLCache.so(+0x5873e) [0x796df2ae673e] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcaCRLCache.so(+0x59e85) [0x796df2ae7e85] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcaCRLCache.so(+0x31007) [0x796df2abf007] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libdeSign.so(_Z26checkCountryCACertsUpdatesPc+0x2d) [0x796df20987bd] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs6Design13isTSLToUpdateE16DGS_COUNTRY_CODE+0xd0) [0x796df3c11780] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs10TSLManager18check_TSLs_updatesEv+0xa7) [0x796df3e2bc07] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs4Core16tsl_checkupdatesERNS_7TSLDataE+0x2c) [0x796df3bb865c] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(dgs_tsl_checkupdates+0x87) [0x796df3c2f357] /lib/x86_64-linux-gnu/libffi.so.8(+0x7b16) [0x796dfe7efb16] /lib/x86_64-linux-gnu/libffi.so.8(+0x43ef) [0x796dfe7ec3ef] /lib/x86_64-linux-gnu/libffi.so.8(ffi_call+0x12e) [0x796dfe7ef0be] /usr/lib/gosigndesktop/resources/app/node_modules/ffi-napi/build/Release/ffi_bindings.node(_ZN3FFI3FFI12AsyncFFICallEP9uv_work_s+0x23) [0x796dfcaef533] /usr/lib/gosigndesktop/GoSignDesktop(+0x18f14d4) [0x59e78df734d4] PID 282062: SSL_CTX_set_verify called with mode=0 ./log_ssl_verify.so(+0x1272) [0x796e00465272] ./log_ssl_verify.so(SSL_CTX_set_verify+0x9b) [0x796e004653e2] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x734f4) [0x796dfcabb4f4] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x7419f) [0x796dfcabc19f] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x74b09) [0x796dfcabcb09] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x1a8ef) [0x796dfca628ef] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x14ca5) [0x796dfca5cca5] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x189bf) [0x796dfca609bf] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(+0x483e9) [0x796dfca903e9] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(curl_multi_perform+0xea) [0x796dfca9195a] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libcurl.so.4(curl_easy_perform+0x14b) [0x796dfca6c7eb] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs14NetworkRequest7executeEv+0x54e) [0x796df3d8dc9e] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(_ZN3dgs14NetworkManager15checkConnectionEv+0xd2) [0x796df3d8ec92] /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/libdgsapi.so(dgs_check_connection+0x2b) [0x796df3c27e2b] /lib/x86_64-linux-gnu/libffi.so.8(+0x7b16) [0x796dfe7efb16] /lib/x86_64-linux-gnu/libffi.so.8(+0x43ef) [0x796dfe7ec3ef] /lib/x86_64-linux-gnu/libffi.so.8(ffi_call+0x12e) [0x796dfe7ef0be] /usr/lib/gosigndesktop/resources/app/node_modules/ffi-napi/build/Release/ffi_bindings.node(_ZN3FFI3FFI12AsyncFFICallEP9uv_work_s+0x23) [0x796dfcaef533] /usr/lib/gosigndesktop/GoSignDesktop(+0x18f14d4) [0x59e78df734d4] --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- Static analysis of the binary `/usr/lib/gosigndesktop/GoSignDesktop` returned a series of strings suggesting the existence of flags and parameters intended to disable TLS checks or log cryptographic information. These occurrences indicate that the code includes mechanisms (or supports parameters) which, if enabled, can alter certificate verification behavior or activate sensitive TLS key logging. --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- $ strings -n 1 /usr/lib/gosigndesktop/GoSignDesktop | grep -i -E 'ignore-certificate-errors|certificate-error|ignore-urlfetcher-cert-requests|ssl-key-log-file' > binary_relevant_strings.txt' $ cat binary_relevant_strings.txt certificate-error ssl-key-log-file argument missing ignore-urlfetcher-cert-requests ignore-certificate-errors-spki-list ssl-key-log-file ignore-certificate-errors [..] --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- To verify whether these parameters were passed to the running process, the command line of all GoSignDesktop processes was checked by reading their respective `/proc//cmdline`. On the analyzed systems, the binary's execution shows that child processes use various `--type` arguments (zygote, gpu-process, renderer, etc.) and internal options typical of Chromium/Electron-based runtimes, but no flags explicitly disabling TLS verification were found. --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- $ for p in $( pgrep -f GoSignDesktop ); do echo "=== PID $p ===" >> proc_cmdlines.txt; cat /proc/$p/cmdline 2>/dev/null | tr '\0' ' ' >> proc_cmdlines.txt || echo "no /proc/$p/cmdline" >> proc_cmdlines.txt; echo >> proc_cmdlines.txt; done $ cat proc_cmdlines.txt === PID 282062 === /usr/lib/gosigndesktop/GoSignDesktop === PID 282065 === /usr/lib/gosigndesktop/GoSignDesktop --type=zygote --no-zygote-sandbox === PID 282066 === /usr/lib/gosigndesktop/chrome-sandbox /usr/lib/gosigndesktop/GoSignDesktop --type=zygote === PID 282067 === /usr/lib/gosigndesktop/GoSignDesktop --type=zygote === PID 282069 === /usr/lib/gosigndesktop/GoSignDesktop --type=zygote === PID 282106 === /usr/lib/gosigndesktop/GoSignDesktop --type=gpu-process --field-trial-handle=13821780690570354888,7554827926380561664,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=OAAAAAAAAAAgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAA== --shared-files === PID 282114 === /usr/lib/gosigndesktop/GoSignDesktop --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=13821780690570354888,7554827926380561664,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --standard-schemes=file --secure-schemes=file --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --shared-files=v8_context_snapshot_data:100 === PID 282279 === /usr/lib/gosigndesktop/GoSignDesktop --type=renderer --field-trial-handle=13821780690570354888,7554827926380561664,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --standard-schemes=file --secure-schemes=file --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path=/usr/lib/gosigndesktop/resources/app --node-integration-in-worker --no-sandbox --no-zygote --preload=/usr/lib/gosigndesktop/resources/app/preload.js --context-isolation --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --shared-files=v8_context_snapshot_data:100 --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- HTTP traffic demonstrating the lack of a digital signature on the update manifest: --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- GET /gosign/download/update HTTP/1.1 Host: rinnovofirma.infocert.it Cookie: Accept: application/json Cache-Control: no-cache Connection: keep-alive HTTP/1.1 200 OK Date: Fri, 03 Oct 2025 21:44:39 GMT Server: Apache Content-Security-Policy: upgrade-insecure-requests; frame-ancestors none; object-src none X-Frame-Options: SAMEORIGIN Last-Modified: Thu, 04 Sep 2025 10:16:23 GMT ETag: "453-63df703669aaa" Accept-Ranges: bytes Content-Length: 1107 Vary: Accept-Encoding Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: application/json { "control":{ "probability": 100 }, "darwin": { "2.3.7": { "packages": { "dmg": { "any": { "url": "https://gosignupdates.infocert.it/gosign/standard/GoSignDesktop-standard-2.3.7-8aa7cbe.dmg", "sha256": "05ae06770253f2dadc9cce36b44d1198781eb874bb19fd10a10d8311749e4b84", "size": 163804666 , "releaseDate": "2025-05-26" } } }, "type": "MANDATORY" } }, "linux": { "2.4.0": { "packages": { "deb": { "64": { "url": "https://gosignupdates.infocert.it/gosign/standard/gosigndesktop_2.4.0_amd64.deb", "sha256": "02b7bc38365f3e456c4f41ef7ccd4bfa2134e54868345aad323823aabe740576", "size": 102522536, "releaseDate": "2025-04-04" } } }, "type": "MANDATORY" } } } --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- X. PoC The provided Proof of Concept targets a GoSign Desktop installation on Debian/Ubuntu Linux with amd64 architecture and simulates a local privilege escalation to root by a local attacker. After the exploit, you will need to reinstall GoSign Desktop by downloading it again from the official website, as it is replaced by the fake update package. The GoSign Desktop configuration is preserved. https://www.ush.it/team/ush/hack-gosign-desktop_240/gosigndesktop_mitm_poc.mp4 1) Build Compile the fake .deb update package and create the Python virtual environment with the dependencies required for the exploit: `make` 2) Run Configure the exploit to act as a proxy for GoSign Desktop in order to simulate the attack: `make run` 3) PoC Evidence After installing the fake .deb update package, you can verify the impact by checking the file: `cat /tmp/gosigndesktop_mitm_poc.log` 4) Cleanup You can remove the proxy configuration, the .deb file, and the virtual environment: `make clean` XI. REFERENCES No references. XII. CREDIT Pasquale "Sid" Fiorillo is credited with the discovery of this vulnerability with the contribution of Francesco "ascii" Ongaro and Marco Lunardi. Pasquale "sid" Fiorillo web site: http://www.ush.it/ mail: sid AT ush DOT it Francesco "ascii" Ongaro web site: http://www.ush.it/ mail: ascii AT ush DOT it XIII. LEGAL NOTICES Copyright (c) 2025 Pasquale "Sid" Fiorillo Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without mine express written consent. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email me for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.