What vulnerabilities were found in Bitdefender Total Security?

Bitdefender identified multiple vulnerabilities related to improper certificate validation in its HTTPS scanning functionality. These vulnerabilities could allow attackers to conduct Man-in-the-Middle (MITM) attacks, potentially intercepting and modifying user communications.

What are the specific CVEs associated with Bitdefender’s HTTPS scanning vulnerabilities?

The vulnerabilities include CVE-2023-6055, CVE-2023-6056, CVE-2023-6057, CVE-2023-49567, and CVE-2023-49570. Each vulnerability has a CVSS score of 8.6 and relates to improper certificate validation, such as trusting invalid, self-signed, or collision-prone certificates.

What is the impact of the vulnerabilities in Bitdefender’s Total Security?

The vulnerabilities allow potential attackers to conduct MITM attacks by exploiting Bitdefender's improper HTTPS certificate validation. Attackers could intercept or modify user communications using rogue certificates, creating a significant security risk.

What should users do to protect themselves from these vulnerabilities?

Users are strongly advised to update Bitdefender Total Security to version 27.0.25.115 or later to mitigate the risks associated with the identified vulnerabilities. The update is automatic, but users should ensure their software is up to date.

Advisory

Bitdefender Total Security fixes multiple flaws classified as high severity, just below critical

published: Oct. 19, 2024

Take action: Update your Bitdefender Total Security. This is not optional, and it should have happened automatically. Check that you have the 27.0.25.115 version or later. If not, update ASAP.

Learn More

Bitdefender fixes multiple vulnerabilities related to improper certificate validation in its HTTPS scanning functionality in their Total Security product.

Bitdefender Total Security is a cybersecurity suite that provides advanced protection against malware, ransomware, phishing, and other online threats across multiple platforms, including Windows, macOS, Android, and iOS devices.

These flaws allow potential attackers to conduct Man-in-the-Middle (MITM) attacks, enabling interception and modification of user communications.

Details of Vulnerabilities

CVE-2023-6055 (CVSS score 8.6) - This vulnerability arises from Bitdefender’s failure to properly validate website certificates. It incorrectly deems certificates valid even when the "Server Authentication" specification is missing in the Extended Key Usage extension.
CVE-2023-6056 (CVSS score 8.6) - Bitdefender improperly trusts self-signed certificates signed with the RIPEMD-160 hashing algorithm, allowing attackers to establish SSL connections using self-signed certificates.
CVE-2023-6057 (CVSS score 8.6) - This vulnerability involves insecure trust of DSA-signed certificates, as Bitdefender fails to check the certificate chain adequately.
CVE-2023-49567 (CVSS score 8.6) - Bitdefender incorrectly trusts certificates using collision-prone hash functions like MD5 and SHA1, enabling attackers to use rogue certificates that appear legitimate.
CVE-2023-49570 (CVSS score 8.6) - This vulnerability is linked to Bitdefender’s failure to validate the "Basic Constraints" extension in certificates. Attackers could exploit this to establish MITM connections.

Bitdefender has released an automatic update, version 27.0.25.115, that addresses all the identified vulnerabilities. The update corrects HTTPS certificate validation and strengthens security against MITM attacks.

Users are strongly advised to update to version 27.0.25.115 or later to mitigate these risks.

Bitdefender Total Security fixes multiple flaws classified as high severity, just below critical

Read More
CrushFTP warns of actively exploited flaw, users asked …
ClamAV Vulnerable to WinRAR critical vulnerability
Apache Tomcat "Made You Reset" vulnerability exposes risk …
VMware reports public exploit of vRealize RCE vulnerability
Oracle patches actively exploited flaw in Agile PLM