Credentials disclosure in Avira Free Antivirus
https://medium.com/@knikolenko/avira-free-antivirus-password-collector-83452fa7f943 …
CVE-2020-12680
@Avira @malwrhunterteam
-
-
There's a "little" difference between CDB and this, from the point of a skid who looking for very easy ways to do malicious things without getting detected. Also, CDB wasn't intentionally created to only read and decrypt then echo passwords and nothing else.
-
You're saying that cdb is harder to use, if it was easier, then that *would* be a vulnerability? Not sure "vulnerability" is the right word here, but thank you for explaining the rationale, I am clueless about malware!

- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
I guess my question is, you could do the same thing with cdb.exe, which is also signed, why is that not a vulnerability?