Avast exposes users to attacks

Security vulnerabilities were found in the Avast AntiTrack tool. A flaw in its certificate validation feature could have made man-in-the-middle (MitM) attacks possible.

Researcher David Eade said in his blog post:

"Avast Antitrack does not check validity of end web server certificates. A remote attacker running a malicious proxy could capture their victim's HTTPS traffic and record credentials for later re-use. If a site needs two factor authentication (such as a one-time password), then the attacker can still hijack a live session by cloning session cookies after the victim logs in."

Avast released a statement saying that the issues have been fixed through an update pushed to all AntiTrack users.
