[solved in 22.214.171.1244] SSL Security Issue With BD Certificate Injection
In normal cases browsers indicate proper SSL encryption with a valid certificate by switching the URL line to another color; additionally, a closed lock is shown. When the lock is clicked, details of the SSL certification and its status are shown.
If 'Scan SSL' is activated in BD-IS 'Privacy control settings', the SSL stream seems to be injected by Bitdefender; clicking the closed lock does not show the validation data of generic webpage certification.
So there seems to be NO direct validation of the target server possible; in my opinion BD acts as a local 'Man-in-middle'. This opens several cogitable scenarios for spoofing/attacking the secure connection.
This feature of BD should be analysed in a widespread discussion; it is security related for all SSL connections. Customers must trust BD not to abuse this feature, NSA/CIA and similar are watching us...
(It seems to be a security issue for whole BD, not only for Privacy, so post is done in this General form. Thanks.)
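
A way to check, from the affected machine, whether the certificate it receives is the site's own or a locally re-signed one. This is an added example, not part of the original post and not Bitdefender code. It assumes the reference fingerprint and issuer were recorded on a network path without SSL scanning and that the scanning product also filters the process running the script; the hypothetical helper names and all sample values are constructed.

```python
import hashlib
import socket
import ssl

def issuer_fields(cert):
    """Flatten the nested RDN tuples from ssl.getpeercert() into a dict."""
    return {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}

def fetch_leaf(host, port=443, timeout=5):
    """Return (cert_dict, der_bytes) for the leaf this machine actually receives."""
    # The default context trusts the OS store, including any locally added root.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)

def check_interception(cert, der, reference):
    """Compare the received leaf with reference values obtained out-of-band.
    Returns a list of findings; an empty list means the leaf matches."""
    findings = []
    seen_fp = hashlib.sha256(der).hexdigest()
    if seen_fp != reference["sha256"]:
        findings.append("leaf fingerprint differs from reference")
    seen_org = issuer_fields(cert).get("organizationName")
    if seen_org != reference["issuer_org"]:
        findings.append(
            f"issuer organization is {seen_org!r}, expected {reference['issuer_org']!r}"
        )
    return findings

# Constructed sample data in the shape ssl.getpeercert() returns (not real certificates).
GENUINE_DER = b"constructed-der-bytes-of-genuine-leaf"
RESIGNED_DER = b"constructed-der-bytes-of-locally-resigned-leaf"
GENUINE = {"issuer": ((("countryName", "US"),),
                      (("organizationName", "Example Public CA"),))}
RESIGNED = {"issuer": ((("organizationName", "Local Scanner CA"),),)}
REFERENCE = {"sha256": hashlib.sha256(GENUINE_DER).hexdigest(),
             "issuer_org": "Example Public CA"}

if __name__ == "__main__":
    print(check_interception(GENUINE, GENUINE_DER, REFERENCE))
    print(check_interception(RESIGNED, RESIGNED_DER, REFERENCE))
    # Live use: cert, der = fetch_leaf("example.org"); check_interception(cert, der, ref)
```

A fingerprint mismatch alone can also come from normal certificate rotation or a site serving several certificates, so the issuer comparison is the stronger signal of local re-signing.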