[solved in 22.214.171.1244] SSL Security Issue With BD Certificate Injection
In normal cases browsers indicate proper SSL encryption with a valid certificate by switching the URL line to another color; additionally, a closed lock is shown. Clicking the lock shows details of the SSL certification and its status.
If 'Scan SSL' is activated in BD-IS 'Privacy control settings', the SSL stream seems to be injected by Bitdefender; clicking the closed lock does not show the validation data of generic webpage certification.
So there seems to be NO direct validation of the target server possible; in my opinion BD acts as a local 'man-in-the-middle'. This opens several cogitable scenarios for spoofing/attacking the secure connection.
This feature of BD should be analysed in a widespread discussion; it is security-related for all SSL connections. Customers must trust BD not to abuse this feature, NSA/CIA and similar are watching us...
(It seems to be a security issue for whole BD, not only for Privacy, so post is done in this General form. Thanks.)
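
The check described in the post, as an added example that is not part of the original post or of any Bitdefender tooling: it reads the issuer of the certificate the local TLS stack actually received and compares it with an issuer learned out of band (for example from an unfiltered machine). The issuer names, the host `shop.example` and both sample certificates are constructed placeholders; a locally scanned connection still validates here only because the scanner's root is assumed to be in the local trust store.

```python
import socket
import ssl

def fetch_peer_cert(host, port=443, timeout=5.0):
    """Return the validated leaf certificate as seen by this machine."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def issuer_fields(cert):
    """Flatten the nested issuer RDN tuples from getpeercert() into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def check_issuer(cert, expected_orgs):
    """Compare the issuer organization with values obtained out of band."""
    issuer = issuer_fields(cert)
    org = issuer.get("organizationName", "")
    return {
        "issuer_org": org,
        "issuer_cn": issuer.get("commonName", ""),
        "matches_expected": org in expected_orgs,
    }

# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns.
DIRECT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA R1"),)),
}
RESIGNED_LOCALLY = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("organizationName", "Example Local Scanner"),),
               (("commonName", "Example Local Scanner Root"),)),
}
EXPECTED = {"Example Public CA"}  # assumption: recorded from an unfiltered host

if __name__ == "__main__":
    for name, cert in (("direct", DIRECT), ("re-signed", RESIGNED_LOCALLY)):
        print(name, check_issuer(cert, EXPECTED))
    # Live use: check_issuer(fetch_peer_cert("shop.example"), EXPECTED)
```

The subject is identical in both samples; only the issuer shows that the certificate was re-signed on the local machine.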