Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/151590/Avast-Anti-Virus-Local-Credential-Disclosure.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/151590/Avast-Anti-Virus-Local-Credential-Disclosure.html | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 03:45
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/151590/Avast-Anti-Virus-Local-Credential-Disclosure.html - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2019-03-21 16:00
Updated : 2024-11-21 03:45
NVD link : CVE-2018-12572
Mitre link : CVE-2018-12572
CVE.ORG link : CVE-2018-12572
JSON object : View
Products Affected
avast
- free_antivirus
CWE
CWE-312
Cleartext Storage of Sensitive Information