CVE-2023-6056: 
Bitdefender Total Security vulnerability analysis and mitigation

A critical vulnerability (CVE-2023-6056) was discovered in Bitdefender Total Security's HTTPS scanning functionality. The vulnerability, disclosed on October 18th, 2024, involves improper trust of self-signed certificates, specifically those signed with the RIPEMD-160 hashing algorithm. This security flaw affects Bitdefender Total Security versions prior to 27.0.25.115 (Bitdefender Advisory, NVD).

The vulnerability has been assigned a high severity CVSS v4.0 score of 8.6 (CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N). The technical issue stems from the software's failure to properly validate self-signed certificates, particularly those using the RIPEMD-160 hashing algorithm. This vulnerability is classified under CWE-295 (Improper Certificate Validation) (NVD, Bitdefender Advisory).

The vulnerability allows attackers to establish Man-in-the-Middle (MITM) SSL connections to arbitrary sites, potentially enabling them to intercept and manipulate user communications. This could lead to the exposure of sensitive data and compromise of secure communications (Security Online).

Bitdefender has released an automatic update to product version 27.0.25.115 that addresses this vulnerability. Users are strongly advised to ensure their software is updated to this latest version to mitigate the security risk (Bitdefender Advisory).