[solved in 22.214.171.1244] SSL Security Issue With BD Certificate Injection
In normal cases browsers indicate proper SSL encryption with a valid certificate by switching the URL line to another color; additionally, a closed lock is shown. When clicking the lock, details of the SSL certificate and its status are shown.
If 'Scan SSL' is activated in the BD-IS 'Privacy control settings', the SSL stream seems to be injected by Bitdefender; clicking the closed lock does not show the validation data of the generic webpage certification.
So there seems to be NO direct validation of the target server possible; in my opinion BD acts as a local 'man-in-the-middle'. This opens several cogitable scenarios for spoofing/attacking the secure connection.
This feature of BD should be analysed in a widespread discussion; it is security related for all SSL connections. Customers must trust BD not to abuse this feature, NSA/CIA and similar are watching us...
(It seems to be a security issue for the whole of BD, not only for Privacy, so this post is made in the General forum. Thanks.)
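A check for the behaviour described in the post above, added here as an example and not part of the original post or any Bitdefender tooling: compare the leaf certificate this machine is shown with a SHA-256 fingerprint of the same site's certificate obtained out of band (for example from a device without SSL scanning). The issuer marker `bitdefender`, the function names and the sample data are assumptions constructed for illustration.

```python
import hashlib
import socket
import ssl

# Assumption: substrings that identify a locally installed scanning CA in the issuer name.
LOCAL_CA_MARKERS = ("bitdefender",)

def sha256_fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded leaf certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def issuer_text(cert: dict) -> str:
    """Flatten the issuer RDNs of an ssl.getpeercert() dict into one string."""
    return ", ".join(f"{k}={v}" for rdn in cert.get("issuer", ()) for k, v in rdn)

def assess(cert: dict, der: bytes, reference_fp: str) -> str:
    """Compare the locally seen leaf with a fingerprint obtained out of band."""
    if sha256_fingerprint(der) == reference_fp.lower().replace(":", ""):
        return "direct"            # same leaf the reference path saw
    if any(m in issuer_text(cert).lower() for m in LOCAL_CA_MARKERS):
        return "locally-reissued"  # leaf was issued by the scanning product's CA
    return "different-leaf"        # rotation, another CDN node, or another interceptor

def fetch_leaf(host: str, port: int = 443, timeout: float = 5.0):
    """Return (parsed cert, DER bytes) for the leaf this machine is shown."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)

# Constructed sample data (not real certificates) so the logic runs offline.
ORIGIN_DER = b"constructed-origin-leaf"
LOCAL_DER = b"constructed-reissued-leaf"
ORIGIN_CERT = {"issuer": ((("organizationName", "Example Public CA"),),
                          (("commonName", "Example Public CA R1"),))}
LOCAL_CERT = {"issuer": ((("organizationName", "Bitdefender"),),
                         (("commonName", "Constructed Local Scanning CA"),))}

if __name__ == "__main__":
    ref = sha256_fingerprint(ORIGIN_DER)
    print(assess(ORIGIN_CERT, ORIGIN_DER, ref))  # direct
    print(assess(LOCAL_CERT, LOCAL_DER, ref))    # locally-reissued
```

A "different-leaf" result is not proof of interception on its own, since servers rotate certificates and large sites serve several leaves; it only says the reference needs refreshing or the path needs a closer look.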