CVE-2020-12680

Published: May 8, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials. The functions of the executable file Avira.PWM.NativeMessaging.exe are aimed at collecting credentials stored in Chrome, Firefox, Opera, and Edge. The executable does not verify the calling program and thus a request such as fetchChromePasswords or fetchCredentials will succeed. NOTE: some third parties have stated that this is "not a vulnerability.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://twitter.com/taviso/status/1258448515912491026

x_refsource_MISC

https://medium.com/%40knikolenko/avira-free-antivirus-password-collector-83452fa7f943

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-12680

Description

Affected Products

References