HTTPS Certificate Validation Issue in Bitdefender Safepay (VA-11167)

A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications.

N/A

证书验证不恰当

Bitdefender Total Security 信任管理问题漏洞

Bitdefender Total Security是罗马尼亚比特梵德（Bitdefender）公司的一款应用于PC端的主动威胁防护软件。该软件具有防病毒，防火墙，反间谍软件，隐私控制，家长控制功能。还包括System TuneUp等功能。 Bitdefender Total Security 27.0.25.115之前版本存在信任管理问题漏洞，该漏洞源于HTTPS证书验证问题，允许攻击者使用自签名证书执行中间人(MITM)攻击，可能导致安全通信被拦截并被篡改。

N/A

N/A