Improper Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning Functionality
CVE-2023-6056
What is CVE-2023-6056?
Bitdefender Total Security's HTTPS scanning functionality applies an insecure trust model to self-signed certificates. Specifically, the product accepts certificates signed using the RIPEMD-160 hashing algorithm without performing the necessary validation. This flaw facilitates potential man-in-the-middle (MITM) SSL attacks, in which malicious actors intercept and manipulate secure connections to arbitrary websites. Users of affected versions are urged to take precautionary measures to ensure their online security.
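One way a TLS-inspecting component could refuse such certificates, as an added example that is not Bitdefender's code or part of the advisory: a minimal DER walk that rejects any signature algorithm outside an allow-list and flags self-issued certificates. The allow-list, the function names and the sample certificates are assumptions constructed for this illustration; 1.3.36.3.3.1.2 is the RSA-with-RIPEMD-160 OID.

```python
# Added example, not vendor code; samples are constructed, unsigned DER skeletons.
ALLOWED_SIG_OIDS = {"1.2.840.113549.1.1.11", "1.2.840.10045.4.3.2"}  # assumed policy
RIPEMD160_RSA = bytes.fromhex("2b2403030102")       # OID 1.3.36.3.3.1.2
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")    # OID 1.2.840.113549.1.1.11

def children(body):
    """Split DER bytes into a list of (tag, value) elements."""
    out, pos = [], 0
    while pos < len(body):
        tag, length, pos = body[pos], body[pos + 1], pos + 2
        if length & 0x80:                 # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(body[pos:pos + n], "big"), pos + n
        if pos + length > len(body):
            raise ValueError("truncated DER element")
        out.append((tag, body[pos:pos + length]))
        pos += length
    return out

def alg_oid(alg_body):
    """Dotted OID of an AlgorithmIdentifier; assumes the first two arcs fit one byte."""
    raw, arcs, val = children(alg_body)[0][1], [], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                  # high bit clear ends the current arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, [raw[0] // 40, raw[0] % 40] + arcs))

def check_certificate(der):
    """Return policy findings for one DER certificate; an empty list passes."""
    tbs, outer_alg, _sig = children(children(der)[0][1])
    fields = [f for f in children(tbs[1]) if f[0] != 0xA0]   # skip optional [0] version
    _serial, inner_alg, issuer, _validity, subject = fields[:5]
    outer, inner = alg_oid(outer_alg[1]), alg_oid(inner_alg[1])
    checks = [
        (outer != inner, "outer/inner signature algorithm mismatch"),
        (outer not in ALLOWED_SIG_OIDS, "signature algorithm not allowed: " + outer),
        (issuer[1] == subject[1], "self-issued: accept only as a pinned trust anchor"),
    ]
    return [msg for failed, msg in checks if failed]

def tlv(tag, body):                       # encoder for the constructed samples (< 128 bytes)
    return bytes([tag, len(body)]) + body
def sample_cert(oid, issuer, subject):
    alg = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    name = lambda cn: tlv(0x30, tlv(0x0C, cn))            # simplified stand-in for a Name
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + name(issuer) + tlv(0x30, b"") + name(subject))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00\xaa"))
```

This is a policy pre-check only: signature and chain verification against the trust store still have to succeed before a certificate is accepted.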

Affected Version(s)
Total Security: all versions before 27.0.25.115
