Improper Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning Functionality
CVE-2023-6056

7.4 HIGH

Key Information:

Vendor:
Bitdefender
CVE Published:
18 October 2024

What is CVE-2023-6056?

Bitdefender Total Security's HTTPS scanning feature intercepts TLS connections and validates the server certificate on the user's behalf before handing decrypted traffic to the browser. In affected versions, that validation trusts a self-signed certificate whose signature uses the RIPEMD-160 hash algorithm without properly verifying it. An attacker positioned between the victim and a website (for example on the same network) can therefore present such a certificate for any domain and have the product accept it as valid, enabling a man-in-the-middle attack that intercepts and modifies traffic the user believes is protected by TLS. The High attack complexity in the CVSS vector reflects that network-position requirement; no privileges or user interaction are needed beyond it. Users of affected versions should update to Total Security 27.0.25.115 or later.
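The check a TLS-inspecting proxy should apply before it trusts a certificate, as an added example that is not Bitdefender's code or anything from this advisory: decode the signatureAlgorithm OID from the DER, confirm it matches the AlgorithmIdentifier inside tbsCertificate (RFC 5280 requires the two to agree), and reject anything not on an explicit allowlist, so an unexpected algorithm such as ripemd160WithRSA (OID 1.3.36.3.3.1.2) produces a hard failure rather than falling through as trusted. The allowlist is a hypothetical policy, the sample certificates are constructed inline with placeholder fields and an empty signature value (they are not real, signed certificates, and no signature is verified), and the function names (`build_sample_cert`, `evaluate_signature_algorithm`, `read_tlv`) are this example's own.

```python
"""Fail-closed allowlist check on an X.509 certificate's signature algorithm.
Added example, not Bitdefender code: minimal DER parsing, with sample certificates
constructed inline from placeholder fields (not real, signed certificates)."""

# Signature algorithms the proxy accepts: a hypothetical policy, not Bitdefender's.
ALLOWED_SIGNATURE_ALGORITHMS = {
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
}
RIPEMD160_WITH_RSA = "1.3.36.3.3.1.2"  # ripemd160WithRSA, the algorithm named in the advisory

def der(tag, body):
    """Encode one DER TLV (short or long length form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def encode_oid(dotted):
    """Dotted OID -> content octets (first two arcs packed, base-128 after)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

def decode_oid(raw):
    """Content octets -> dotted OID; a dangling continuation bit is an error."""
    first = raw[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    value, pending = 0, False
    for b in raw[1:]:
        value, pending = (value << 7) | (b & 0x7F), bool(b & 0x80)
        if not pending:
            arcs.append(value)
            value = 0
    if pending:
        raise ValueError("truncated OID sub-identifier")
    return ".".join(map(str, arcs))

def read_tlv(buf, pos, expected_tag=None):
    """Read the element at buf[pos]; return (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    n = first & 0x7F if first >= 0x80 else 0          # long form: count of length octets
    if first == 0x80 or n > 4:                        # indefinite or oversized: not DER
        raise ValueError("unsupported DER length encoding")
    start = pos + 2 + n
    length = first if n == 0 else int.from_bytes(buf[pos + 2:start], "big")
    end = start + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    if expected_tag is not None and tag != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02x}, got 0x{tag:02x}")
    return tag, buf[start:end], end

def certificate_signature_oids(cert_der):
    """(tbsCertificate.signature OID, outer signatureAlgorithm OID)."""
    _, outer, _ = read_tlv(cert_der, 0, 0x30)          # Certificate
    _, tbs, pos = read_tlv(outer, 0, 0x30)             # tbsCertificate
    _, outer_alg, _ = read_tlv(outer, pos, 0x30)       # signatureAlgorithm
    tag, _, nxt = read_tlv(tbs, 0)
    tbs_pos = nxt if tag == 0xA0 else 0                # optional [0] EXPLICIT version
    _, _, tbs_pos = read_tlv(tbs, tbs_pos, 0x02)       # serialNumber
    _, inner_alg, _ = read_tlv(tbs, tbs_pos, 0x30)     # signature AlgorithmIdentifier
    return (decode_oid(read_tlv(inner_alg, 0, 0x06)[1]),
            decode_oid(read_tlv(outer_alg, 0, 0x06)[1]))

def evaluate_signature_algorithm(cert_der):
    """Gate applied before any cryptographic check: returns (accepted, reason)."""
    try:
        inner, outer = certificate_signature_oids(cert_der)
    except (ValueError, IndexError) as exc:
        return False, f"malformed certificate: {exc}"
    if inner != outer:                                   # RFC 5280 4.1.1.2: must match
        return False, f"signature algorithm mismatch: tbs={inner} outer={outer}"
    name = ALLOWED_SIGNATURE_ALGORITHMS.get(outer)
    if name is None:                                     # unknown or unsupported: fail closed
        return False, f"rejected unsupported signature algorithm {outer}"
    return True, name

def build_sample_cert(outer_oid, inner_oid=None):
    """Constructed, unsigned stand-in for a certificate with placeholder fields."""
    alg = lambda oid: der(0x30, der(0x06, encode_oid(oid)) + b"\x05\x00")  # NULL params
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02"))    # version v3
              + der(0x02, b"\x01")                   # serialNumber 1
              + alg(inner_oid or outer_oid)          # signature
              + der(0x30, b""))                      # issuer placeholder
    return der(0x30, tbs + alg(outer_oid) + der(0x03, bytes(9)))  # zeroed BIT STRING, no real signature

if __name__ == "__main__":
    print(evaluate_signature_algorithm(build_sample_cert(RIPEMD160_WITH_RSA)))
```

This gate only decides whether the algorithm is one the proxy is prepared to verify; chain building and the actual signature check still belong to the TLS library. The point is the failure mode: an algorithm the code does not recognise must end in rejection, never in the certificate being passed through as trusted.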

Affected Version(s)

Bitdefender Total Security, all versions before 27.0.25.115 (fixed in 27.0.25.115)

CVSS V3.1

Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability reserved

  • Vulnerability published: 18 October 2024