A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate.
Metrics
Affected Vendors & Products
References
History
Tue, 22 Oct 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Fri, 18 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Bitdefender
Bitdefender total Security |
|
CPEs | cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:* | |
Vendors & Products |
Bitdefender
Bitdefender total Security |
|
Metrics |
ssvc
|
Fri, 18 Oct 2024 08:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate. | |
Title | Insecure Trust of certificates using collision hash functions in Bitdefender Total Security HTTPS Scanning (VA-11239) | |
Weaknesses | CWE-295 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: Bitdefender
Published: 2024-10-18T07:59:02.244Z
Updated: 2024-10-18T15:25:37.785Z
Reserved: 2023-11-27T14:21:51.156Z
Link: CVE-2023-49567
Vulnrichment
Updated: 2024-10-18T15:25:33.461Z
NVD
Status : Analyzed
Published: 2024-10-18T08:15:03.143
Modified: 2024-10-22T16:39:16.370
Link: CVE-2023-49567
Redhat
No data.