PT-2024-14868 · Bitdefender · Bitdefender Total Security

Published: 2024-10-18 · Updated: 2024-10-22 · CVE-2023-6057

CVSS v4.0: 8.6 (High)
Vector: AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions: Bitdefender Total Security (affected versions not specified)

Description: A vulnerability has been discovered in the HTTPS scanning functionality of Bitdefender Total Security that results in improper trust of certificates issued with the DSA signature algorithm. The product does not properly validate the certificate chain, so an attacker presenting a DSA-signed certificate can establish man-in-the-middle (MITM) SSL/TLS connections to arbitrary sites.

Recommendations: Update to the latest version immediately to ensure your security. As a temporary workaround, consider restricting use of the HTTPS scanning functionality until a patch is available, and avoid relying on DSA-signed certificates in the affected HTTPS scanning functionality until the issue is resolved. At the moment, there is no information about specific versions that contain a fix for this vulnerability.

Fix: no fixed version specified

Weakness Enumeration: Improper Certificate Validation

Related Identifiers: CVE-2023-6057

Affected Products: Bitdefender Total Security