漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper Certificate Validation in Bitdefender Total Security HTTPS Scanning (VA-11158)
Vulnerability Description
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the Extended Key Usage extension, the product does not verify the certificate's compliance with the site, deeming such certificates as valid. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
Bitdefender Total Security 信任管理问题漏洞
Vulnerability Description
Bitdefender Total Security是罗马尼亚比特梵德(Bitdefender)公司的一款应用于PC端的主动威胁防护软件。该软件具有防病毒,防火墙,反间谍软件,隐私控制,家长控制功能。还包括System TuneUp等功能。 Bitdefender Total Security存在信任管理问题漏洞,该漏洞源于无法正确验证网站证书。
CVSS Information
N/A
Vulnerability Type
N/A