PT-2019-8901 · Avast · Avast Free Antivirus

Published

2019-03-17

Updated

2020-08-24

CVE-2018-12572

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Avast Free Antivirus versions prior to 19.1.2360

Description The issue allows local users to obtain sensitive information by dumping the AvastUI.exe application memory and parsing the data, as user credentials are stored in memory upon login.

Recommendations For versions prior to 19.1.2360, update to version 19.1.2360 or later to resolve the issue.

Exploit

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2018-12572

Affected Products

Avast Free Antivirus

PT-2019-8901 · Avast · Avast Free Antivirus

CVE-2018-12572

Weakness Enumeration

Related Identifiers

Affected Products

References · 3