Interference With Certificates By BD Makes Safe Site Unusable

When trying to book a ticket at www.eno.org I was prevented because Internet Explorer 9 reported "Content was blocked because it was not signed by a valid security certificate."


When I checked the details of the invalid certificate, I found:


C = RO
O = Bitdefender
OU = IDS
CN = Untrusted Bitdefender CA


It appears Bitdefender has somehow replaced the valid certificate for the booking page with some dummy, untrusted one.


After wasting a LOT of time, I found a semi-related tip here to turn OFF 'Scan SSL'. I didn't think that would be relevant because the booking page URL/connection type is:


Address: http://www.eno.org/book-now.php?eventid=8278


Connection: TLS 1.0, RC4 with 128 bit encryption (High); RSA with 1024 bit exchange


... i.e. *not* an HTTPS address. But after turning off 'Scan SSL', the website worked correctly and the Certificate details changed to:


CN = VeriSign Class 3 Secure Server CA - G3
OU = Terms of use at https://www.verisign.com/rpa (c)10
OU = VeriSign Trust Network
O = VeriSign, Inc.
C = US


I find it most concerning that BD tampers with Certificates, and not only tampers, but in a bad way, making a safe and secure site unusable.

Comments

  • rootkit

    Hello :)


    Welcome back!


    Some connections to secured websites (HTTPS) cannot be scanned, that's why in some cases you will receive that warning from the browsers.


    By default, the Scan SSL feature is disabled in Bitdefender and should be enabled only when needed.


    Thank you for understanding.

  • Hi,


    Thank you for your fast response. I am trying to understand what you said, but I think there must be a misunderstanding here. The URL was not HTTPS, it was http://www.eno.org/book-now.php?eventid=8278. Also, BD has replaced a valid certificate with a made-up invalid certificate.


    Are you saying that if BD cannot scan an HTTPS connection it will impose a deliberately invalid certificate for that site? (but to say again, my URL was not HTTPS)


    Confused.


    Mark



  • rootkit

    Hello :)


    We need to further investigate the current situation.


    Please follow the steps explained in the article below and send me via PM the generated log file:


    http://forum.bitdefender.com/index.php?showtopic=29927


    If the file is too big to attach, upload it to http://www.sendspace.com or http://www.mediafire.com and send me a PM with the download link.


    If you were already asked to generate the log file, disregard the message above and just post the ticket ID.


    Have a nice day.


  • Fantastic, turning off "Scan SSL" fixes this for me too. I was starting to think my PC had been hacked. BitDefender really should not be tampering with Certificates like this, it's supposed to add trust, not reduce it!

This discussion has been closed.