PT-2020-20410 · Avg+1 · Avg Antitrack+1

David Eade · Published 2020-03-09 · Updated 2020-03-10 · CVE-2020-8987

CVSS v3.1: 7.4 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Avast AntiTrack versions prior to 1.5.1.172
AVG Antitrack versions prior to 2.0.0.178

Description

The issue allows a man-in-the-middle to host a malicious website using a self-signed certificate, as the software does not validate certificates for HTTPS sites. This can be exploited when the "Allow filtering of HTTPS traffic for tracking detection" option is enabled, which is the default configuration. No special action is required from the victim to be affected.

Recommendations

For Avast AntiTrack versions prior to 1.5.1.172, update to version 1.5.1.172 or later.
For AVG Antitrack versions prior to 2.0.0.178, update to version 2.0.0.178 or later.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2020-8987

Affected Products

Avg Antitrack
Avast Antitrack