CVE-2023-6057: 
Bitdefender Total Security vulnerability analysis and mitigation

A critical vulnerability (CVE-2023-6057) was discovered in Bitdefender Total Security's HTTPS scanning functionality, identified on October 18, 2024. The vulnerability affects the certificate validation process in Bitdefender Total Security, specifically related to certificates issued using the DSA signature algorithm (Bitdefender Advisory, NVD).

The vulnerability stems from improper certificate chain validation in Bitdefender Total Security's HTTPS scanning feature. The software incorrectly trusts certificates issued using the DSA signature algorithm without proper verification. This vulnerability has been assigned a CVSS v4.0 score of 8.6 (High) with the vector string CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N. The vulnerability is classified under CWE-295 (Improper Certificate Validation) (Bitdefender Advisory, NVD).

The vulnerability allows attackers to establish Man-in-the-Middle (MITM) SSL connections to arbitrary sites using DSA-signed certificates. This could potentially lead to the interception and manipulation of secure communications between users and websites (Security Online).

Bitdefender has released an automatic update to product version 27.0.25.115 that addresses this vulnerability. Users are strongly advised to ensure their software is updated to this version or later (Bitdefender Advisory).