DSA Signature Vulnerability in Bitdefender Total Security HTTPS Scanning
CVE-2023-6057

7.4 HIGH

Key Information:

Vendor
CVE Published: 18 October 2024

What is CVE-2023-6057?

Bitdefender Total Security has a security issue in its HTTPS scanning feature. The product improperly validates certificates issued using the DSA signature algorithm: for such certificates it does not adequately check the certificate chain. This can allow an attacker to perform a man-in-the-middle (MITM) SSL attack, intercepting and manipulating communication with arbitrary sites by presenting malicious DSA-signed certificates. For more detailed information, please refer to the official security advisory.

Affected Version(s)

Total Security: versions before 27.0.25.115

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
