CVE-2020-8987

Sažetak

Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action necessary by the victim using AntiTrack with "Allow filtering of HTTPS traffic for tracking detection" enabled. (This is the default configuration.)

Reference

https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast
https://www.davideade.com/2020/03/avast-antitrack.html

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

10-03-2020 - 18:34

Objavljeno

09-03-2020 - 17:15