Insecure Trust of Basic Constraints certificate in Bitdefender Total Security HTTPS Scanning (VA-11210)

A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant to be an "End Entity”. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website.

N/A

证书验证不恰当

Bitdefender Total Security 信任管理问题漏洞

Bitdefender Total Security是罗马尼亚比特梵德（Bitdefender）公司的一款应用于PC端的主动威胁防护软件。该软件具有防病毒，防火墙，反间谍软件，隐私控制，家长控制功能。还包括System TuneUp等功能。 Bitdefender Total Security 27.0.25.115之前版本存在信任管理问题漏洞，该漏洞源于基本约束证书的不安全信任，可能允许攻击者执行中间人(MITM)攻击，拦截并更改用户与网站之间的通信。

N/A

N/A