We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-6056

Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11164)



AssignerBitdefender
Reserved2023-11-09
Published2024-10-18
Updated2024-10-18

Description

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites.



HIGH: 8.6CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Product status

Default status
unaffected

Any version before 27.0.25.115
affected

References

https://www.bitdefender.com/support/security-advisories/insecure-trust-of-self-signed-certificates-in-bitdefender-total-security-https-scanning-va-11164/

cve.org CVE-2023-6056

nvd.nist.gov CVE-2023-6056

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.