A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate.
Metrics
Affected Vendors & Products
References
History
Tue, 22 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:* |
Mon, 21 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Bitdefender
Bitdefender total Security |
|
CPEs | cpe:2.3:a:bitdefender:total_security:-:*:*:*:*:*:*:* | |
Vendors & Products |
Bitdefender
Bitdefender total Security |
|
Metrics |
cvssV3_1
|
Fri, 18 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate. | |
Title | Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166) | |
Weaknesses | CWE-295 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: Bitdefender
Published: 2024-10-18T07:38:23.788Z
Updated: 2024-10-21T14:55:41.167Z
Reserved: 2023-11-09T14:17:12.339Z
Link: CVE-2023-6057
Vulnrichment
Updated: 2024-10-21T14:54:23.439Z
NVD
Status : Analyzed
Published: 2024-10-18T08:15:03.627
Modified: 2024-10-22T16:38:29.767
Link: CVE-2023-6057
Redhat
No data.