"ESET Patches High-Severity Vulnerability in Secure Traffic Scanning Feature"

ESET has recently released patches for several of its endpoint and server security products to address a high-severity vulnerability that could have been exploited to cause web browsers to trust sites that should not be trusted.  ESET noted that the flaw tracked as CVE-2023-5594 affected their products' SSL/TLS protocol scanning feature.  It could have caused browsers to trust websites with certificates signed with outdated and insecure algorithms.  ESET stated that the vulnerability in the secure traffic scanning feature was caused by improper validation of the server's certificate chain.  ESET noted that an intermediate certificate signed using the MD5 or SHA1 algorithm was considered trusted.  Thus, the browser on a system with the ESET secure traffic scanning feature enabled could be caused to trust a site secured with such a certificate.  ESET published a list of affected products, which include NOD32 Antivirus, Internet Security, Smart Security Premium, Security Ultimate, Endpoint Antivirus, Endpoint Security, Server Security, Mail Security, Security for Microsoft SharePoint Server, and File Security for Microsoft Azure.  ESET noted that patches have been rolling out via automatic product updates since November 21 and that no user interaction is required to install the fix.  The cybersecurity firm says it's unaware of any attacks exploiting this vulnerability. 

SecurityWeek reports: "ESET Patches High-Severity Vulnerability in Secure Traffic Scanning Feature"