Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-6058

UNKNOWN
Published 2024-10-18T07:52:08.678Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-6058. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Bitdefender

Total Security

Affected Versions:

0
bitdefender

total_security

Affected Versions:

0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-h64p-h4x7-h6r6

Advisory Details

A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-6058
WEB https://www.bitdefender.com/support/security-advisories/https-certificate-validation-issue-in-bitdefender-safepay-va-11167

Advisory provided by GitHub Security Advisory Database. Published: October 18, 2024, Modified: October 22, 2024

References

https://www.bitdefender.com/support/security-advisories/https-certificate-validation-issue-in-bitdefender-safepay-va-11167/
Published: 2024-10-18T07:52:08.678Z
Last Modified: 2024-10-18T15:26:30.132Z
Copied to clipboard!