Bitdefender Total Security Vulnerability Affects HTTPS Scanning Functionality
CVE-2023-6055

7.4 HIGH

Key Information:

Vendor: Bitdefender
CVE Published: 18 October 2024

What is CVE-2023-6055?

A security flaw has been discovered in the HTTPS scanning feature of Bitdefender Total Security, where the software does not adequately validate website certificates. The issue arises when a site certificate carries an Extended Key Usage extension that does not include the 'Server Authentication' purpose. Bitdefender's software nevertheless treats such certificates as valid for a TLS server, even though the certificate is not meant to be used that way. This could allow an attacker to carry out a Man-in-the-Middle (MITM) attack, intercepting and modifying a user's communications with websites. Users are encouraged to apply the patches provided by Bitdefender to mitigate this risk.

Affected Version(s)

Total Security: all versions before 27.0.25.115

CVSS v3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved
