A vulnerability has been identified in the HTTPS scanning functionality of Bitdefender Total Security: the product incorrectly checks the site's certificate, which allows an attacker to make man-in-the-middle (MITM) SSL connections to an arbitrary site. The product trusts certificates issued using the collision-prone MD5 and SHA1 hash functions, which allows attackers to create rogue certificates that appear legitimate.
History
22 Oct 2024, 16:00
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.bitdefender.com/support/security-advisories/insecure-trust-of-certificates-using-collision-hash-functions-in-bitdefender-total-security-https-scanning-va-11239/ - Vendor Advisory | |
CPE | cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown v3 : 6.8 |
Summary | | |
First Time | Bitdefender; Bitdefender total Security |
18 Oct 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-18 08:15
Updated : 2024-10-22 16:39
NVD link : CVE-2023-49567
Mitre link : CVE-2023-49567
CVE.ORG link : CVE-2023-49567
Products Affected
bitdefender
- total_security
CWE
CWE-295
Improper Certificate Validation