[solved in 188.8.131.524] SSL Security Issue With BD Certificate Injection
In normal cases, browsers indicate proper SSL encryption with a valid certificate by switching the URL line to another color; additionally, a closed lock is shown. Clicking the lock shows details of the SSL certification and its status.
If 'Scan SSL' is activated in BD-IS 'Privacy control settings', the SSL stream seems to be injected by Bitdefender; clicking the closed lock does not show the validation data of the generic webpage certification.
So there seems to be NO direct validation of the target server possible; in my opinion BD acts as a local 'man-in-the-middle'. This opens several cogitable scenarios for spoofing/attacking the secure connection.
This feature of BD should be analysed in a widespread discussion; it is security-related for all SSL connections. Customers must trust BD not to abuse this feature, NSA/CIA and similar are watching us...
(It seems to be a security issue for the whole of BD, not only for Privacy, so this post is made in this General forum. Thanks.)
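The situation the post describes can be checked from the endpoint by comparing the certificate seen locally with one recorded on a machine that has no SSL scanning. The following is an added example, not part of the original post and not Bitdefender code; the sample certificates, issuer names and verdict strings are constructed for illustration.

```python
import hashlib
import socket
import ssl

def issuer_name(cert):
    """Flatten the issuer field of an ssl.getpeercert() dict into one dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def view(der, cert):
    """Summarise a leaf certificate as (SHA-256 fingerprint, issuer dict)."""
    return hashlib.sha256(der).hexdigest(), issuer_name(cert)

def observe(host, port=443, timeout=5.0):
    """Fetch the leaf certificate this machine is actually presented for host."""
    ctx = ssl.create_default_context()  # verifies against the default trust store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return view(tls.getpeercert(binary_form=True), tls.getpeercert())

def assess(local, reference):
    """Compare the local view with a reference view recorded out-of-band."""
    (local_fp, local_issuer), (ref_fp, ref_issuer) = local, reference
    if local_fp == ref_fp:
        return "direct"                # same leaf: the stream was not re-signed
    if local_issuer != ref_issuer:
        return "different-issuer"      # consistent with a locally issued leaf
    return "same-issuer-new-leaf"      # e.g. routine rotation; not conclusive

# Constructed sample data (placeholder bytes, not real certificates).
REFERENCE_DER = b"constructed-der-of-site-leaf"
LOCAL_DER = b"constructed-der-of-locally-issued-leaf"
REFERENCE_CERT = {"issuer": ((("organizationName", "Example Public CA"),),
                             (("commonName", "Example Public CA R1"),))}
LOCAL_CERT = {"issuer": ((("organizationName", "Constructed AV Vendor"),),
                         (("commonName", "Constructed Local Scan Root"),))}

if __name__ == "__main__":
    reference = view(REFERENCE_DER, REFERENCE_CERT)
    print(assess(view(LOCAL_DER, LOCAL_CERT), reference))
    print(assess(reference, reference))
```

On a real host, pass the result of `observe("example.org")` as the local view and a fingerprint and issuer recorded on an unscanned machine as the reference.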