CVE-2022-28795

Name of the Vulnerable Software and Affected Versions Avira Password Manager Browser Extensions versions prior to 2.18.5

Description A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript.

Recommendations For Avira Password Manager Browser Extensions versions prior to 2.18.5, update to version 2.18.5 or later to resolve the issue. As a temporary workaround, consider disabling the automatic password filling feature in the Password Manager Extension until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.