A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites.
References
Configurations
History
22 Oct 2024, 16:38
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.4 |
22 Oct 2024, 16:00
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.bitdefender.com/support/security-advisories/insecure-trust-of-self-signed-certificates-in-bitdefender-total-security-https-scanning-va-11164/ - Vendor Advisory | |
CPE | cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:* | |
Summary |
|
|
First Time |
Bitdefender total Security
Bitdefender |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
18 Oct 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-18 08:15
Updated : 2024-10-22 16:38
NVD link : CVE-2023-6056
Mitre link : CVE-2023-6056
CVE.ORG link : CVE-2023-6056
JSON object : View
Products Affected
bitdefender
- total_security
CWE
CWE-295
Improper Certificate Validation