CVE-2023-6055

A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the Extended Key Usage extension, the product does not verify the certificate's compliance with the site, deeming such certificates as valid. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website.
Configurations

Configuration 1 (hide)

cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*

History

22 Oct 2024, 16:39

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.8
v2 : unknown
v3 : 7.4

22 Oct 2024, 16:00

Type Values Removed Values Added
References () https://bitdefender.com/support/security-advisories/improper-certificate-validation-in-bitdefender-total-security-https-scanning-va-11158/ - () https://bitdefender.com/support/security-advisories/improper-certificate-validation-in-bitdefender-total-security-https-scanning-va-11158/ - Vendor Advisory
First Time Bitdefender total Security
Bitdefender
CPE cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*
Summary
  • (es) Se ha identificado una vulnerabilidad en la función de análisis HTTPS de Bitdefender Total Security, en la que el software no puede validar correctamente los certificados de los sitios web. En concreto, si un certificado de sitio no tiene la especificación "Server Authentication" (Autenticación de servidor) en la extensión Extended Key Usage (Uso extendido de clave), el producto no verifica la conformidad del certificado con el sitio y considera que dichos certificados son válidos. Esta falla podría permitir a un atacante realizar un ataque Man-in-the-Middle (MITM), interceptando y potencialmente alterando las comunicaciones entre el usuario y el sitio web.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.8

18 Oct 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-18 08:15

Updated : 2024-10-22 16:39


NVD link : CVE-2023-6055

Mitre link : CVE-2023-6055

CVE.ORG link : CVE-2023-6055


JSON object : View

Products Affected

bitdefender

  • total_security
CWE
CWE-295

Improper Certificate Validation