A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites.
History

Tue, 22 Oct 2024 17:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N'}

cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}


Tue, 22 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N'}


Fri, 18 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Bitdefender
Bitdefender total Security
CPEs cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*
Vendors & Products Bitdefender
Bitdefender total Security
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 18 Oct 2024 07:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites.
Title Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11164)
Weaknesses CWE-295
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2024-10-18T07:31:23.425Z

Updated: 2024-10-18T15:27:35.942Z

Reserved: 2023-11-09T14:17:10.730Z

Link: CVE-2023-6056

cve-icon Vulnrichment

Updated: 2024-10-18T15:27:31.176Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-18T08:15:03.500

Modified: 2024-10-22T16:38:43.993

Link: CVE-2023-6056

cve-icon Redhat

No data.