Interference With Certificates By Bd Makes Safe Site Unusable
When trying to book a ticket at www.eno.org I was prevented because Internet Explorer 9 reported "Content was blocked because it was not signed by a valid security certificate. "
When I checked the details of the invalid certificate, I found:
C = RO
O = Bitdefender
OU = IDS
CN = Untrusted Bitdefender CA
It appears Bitdefender has somehow replaced the valid certificate for the booking page with some dummy, untrusted one.
After wasting a LOT of time, I found a semi-related tip here to turn OFF 'Scan SSL'. I didn't think that would be relevant because the booking page URL/connection type is:
Address: http://www.eno.org/book-now.php?eventid=8278
Connection: TLS 1.0, RC4 with 128 bit encryption (High); RSA with 1024 bit exchange
... i.e. *not* an HTTPS address. But after turning off 'Scan SSL', the website worked correctly and the Certificate details changed to:
CN = VeriSign Class 3 Secure Server CA - G3
OU = Terms of use at https://www.verisign.com/rpa ©10
OU = VeriSign Trust Network
O = VeriSign, Inc.
C = US
I find it most concerning that BD tampers with Certificates, and not only tampers, but in a bad way, making a safe and secure site unusable.
Comments
-
Hello
Welcome back!
Some connections to secured websites(HTTPS) can not be scanned, that's why in some cases you will receive that warning from the browsers.
By default, the Scan SSL featured is disabled in Bitdefender and should be enabled only when needed.
Thank you for understanding.0 -
Hi,
Thank you for your fast response. I am trying to understand what you said, but I think there must be a misunderstanding here. The URL was not HTTPS, it was http://www.eno.org/book-now.php?eventid=8278. Also, BD has replaced a valid certificate with a made-up invalid certificate.
Are you saying that if BD cannot scan an HTTPS connection it will impose a deliberately invalid certificate for that site? (but to say again, my URL was not HTTPS)
Confused.
MarkHello
Welcome back!
Some connections to secured websites(HTTPS) can not be scanned, that's why in some cases you will receive that warning from the browsers.
By default, the Scan SSL featured is disabled in Bitdefender and should be enabled only when needed.
Thank you for understanding.0 -
Hello
We need to further investigate the current situation.
Please follow the steps explained in the article below and send me via PM the generated log file:
http://forum.bitdefender.com/index.php?showtopic=29927
If the file is too big to attach it, upload it on
or
and send me a PM with the download link.
If you were already asked to generate the log file, disregard the message above and just post the ticket ID.
Have a nice day.0 -
Fantastic, turning off "Scan SSL" fixes this for me too. I was starting to think my PC had been hacked. BitDefender really should not be tampering with Certificates like this, it's supposed to add trust, not reduce it!0