A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications.
Metrics
Affected Vendors & Products
References
History
Tue, 22 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Fri, 18 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Bitdefender
Bitdefender total Security |
|
CPEs | cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:* | |
Vendors & Products |
Bitdefender
Bitdefender total Security |
|
Metrics |
ssvc
|
Fri, 18 Oct 2024 08:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications. | |
Title | HTTPS Certificate Validation Issue in Bitdefender Safepay (VA-11167) | |
Weaknesses | CWE-295 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: Bitdefender
Published: 2024-10-18T07:52:08.678Z
Updated: 2024-10-18T15:26:30.132Z
Reserved: 2023-11-09T14:17:13.316Z
Link: CVE-2023-6058
Vulnrichment
Updated: 2024-10-18T15:26:25.809Z
NVD
Status : Analyzed
Published: 2024-10-18T08:15:03.737
Modified: 2024-10-22T16:00:05.110
Link: CVE-2023-6058
Redhat
No data.