Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure Trust of Basic Constraints certificate in Bitdefender Total Security HTTPS Scanning (VA-11210)
Vulnerability Description
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant to be an "End Entity”. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
Bitdefender Total Security 信任管理问题漏洞
Vulnerability Description
Bitdefender Total Security是罗马尼亚比特梵德(Bitdefender)公司的一款应用于PC端的主动威胁防护软件。该软件具有防病毒,防火墙,反间谍软件,隐私控制,家长控制功能。还包括System TuneUp等功能。 Bitdefender Total Security 27.0.25.115之前版本存在信任管理问题漏洞,该漏洞源于基本约束证书的不安全信任,可能允许攻击者执行中间人(MITM)攻击,拦截并更改用户与网站之间的通信。
CVSS Information
N/A
Vulnerability Type
N/A