Описание
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites.
Уязвимые конфигурации
Конфигурация 1Версия до 27.0.25.115 (исключая)
cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.0012
Низкий
7.4 High
CVSS3
Дефекты
CWE-295
Связанные уязвимости
CVSS3: 7.4
github
больше 1 года назад
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites.
EPSS
Процентиль: 32%
0.0012
Низкий
7.4 High
CVSS3
Дефекты
CWE-295