Credentials disclosure in Avira Free Antivirus
https://medium.com/@knikolenko/avira-free-antivirus-password-collector-83452fa7f943 …
CVE-2020-12680
@Avira @malwrhunterteam
-
I'm not sure if this is something that should get a CVE or not. But it is a real problem: there are files signed by Avira (meaning no AVs are detecting them, hopefully at least some will now) that anyone can use very easily to read saved passwords from browsers.
-
Still not sure I understand, there are a lot of signed Windows system files that will read a file and write it to stdout, why are those not a problem?
-
The problem is that stdout can be fetched by any other program. This can be used as a man in the middle to steal passwords on a machine.