Credentials disclosure in Avira Free Antivirus
https://medium.com/@knikolenko/avira-free-antivirus-password-collector-83452fa7f943 …
CVE-2020-12680
@Avira @malwrhunterteam
-
It's not "simply read a file and stdout it", it's reading and decrypting (see screen here: https://twitter.com/malwrhunterteam/status/1258351727608242176 … - but better if you check the samples yourself and see fully) the saved passwords from browsers' databases, something that most AVs would easily detect nowadays.
-
It's pretty bad quality code for sure, but if writing some quick hacky code now and then was a vulnerability I'd be in trouble
I guess my question is, you could do the same thing with cdb.exe, which is also signed, why is that not a vulnerability?
-
I'm being told that the suspicious feature is part of the import function in Avira's password manager, so it looks like a legitimate feature doing its job. [reposted because... typos]
-
I don't think anyone claims it's suspicious, they're saying that it's too easy to repurpose. It's a matter of opinion if that's a problem or not, but it's not a vulnerability and I think the CVE assignment will likely get withdrawn by MITRE.