CVE-2023-6057— Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-6057
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166)
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
证书验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Bitdefender Total Security 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Bitdefender Total Security是罗马尼亚比特梵德(Bitdefender)公司的一款应用于PC端的主动威胁防护软件。该软件具有防病毒,防火墙,反间谍软件,隐私控制,家长控制功能。还包括System TuneUp等功能。 Bitdefender Total Security 27.0.25.115之前版本存在信任管理问题漏洞,该漏洞源于使用DSA签名算法颁发的证书的信任不正确,允许攻击者使用DSA签名的证书与任意站点建立MITM SSL连接。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Bitdefender | Total Security | 0 ~ 27.0.25.115 | - |
II. Public POCs for CVE-2023-6057
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-6057
请登录查看更多情报信息。
Same Patch Batch · Bitdefender · 2024-10-18 · 6 CVEs total
| CVE-2023-6055 | Improper Certificate Validation in Bitdefender Total Security HTTPS Scanning (VA-11158) | |
| CVE-2023-6056 | Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (V | |
| CVE-2023-6058 | HTTPS Certificate Validation Issue in Bitdefender Safepay (VA-11167) | |
| CVE-2023-49570 | Insecure Trust of Basic Constraints certificate in Bitdefender Total Security HTTPS Scanni | |
| CVE-2023-49567 | Insecure Trust of certificates using collision hash functions in Bitdefender Total Securit |
IV. Related Vulnerabilities
Same product: Total Security
- CVE-2025-7073
Local Privilege Escalation via Arbitrary File Operation in B - CVE-2024-6871
G DATA Total Security Incorrect Permission Assignment Local - CVE-2024-30377
G DATA Total Security Scan Server Link Following Local Privi - CVE-2024-1868
G DATA Total Security Link Following Local Privilege Escalat - CVE-2024-1867
G DATA Total Security Link Following Local Privilege Escalat
Same vendor: Bitdefender
- CVE-2025-7073
Local Privilege Escalation via Arbitrary File Operation in B - CVE-2025-5317
Improper access restriction to critical folder in Bitdefende - CVE-2025-2245
Server Side Request Forgery in GravityZone Update Server Usi - CVE-2025-2243
SSRF in GravityZone Console via DNS Truncation (VA-12634) - CVE-2025-2244
Insecure PHP deserialization issue in GravityZone Console (V
Same weakness: CWE-295
V. Comments for CVE-2023-6057
No comments yet