漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Insecure Trust of certificates using collision hash functions in Bitdefender Total Security HTTPS Scanning (VA-11239)
Vulnerability Description
A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
Bitdefender Total Security 信任管理问题漏洞
Vulnerability Description
Bitdefender Total Security是罗马尼亚比特梵德(Bitdefender)公司的一款应用于PC端的主动威胁防护软件。该软件具有防病毒,防火墙,反间谍软件,隐私控制,家长控制功能。还包括System TuneUp等功能。 Bitdefender Total Security 27.0.25.115之前版本存在信任管理问题漏洞,该漏洞源于错误检查站点的证书,允许攻击者与任意站点建立MITM SSL连接,允许攻击者创建看似合法的恶意证书。
CVSS Information
N/A
Vulnerability Type
N/A