CVE-2020-8987

Published: Mar 9, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action necessary by the victim using AntiTrack with "Allow filtering of HTTPS traffic for tracking detection" enabled. (This is the default configuration.)

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast

x_refsource_CONFIRM

https://www.davideade.com/2020/03/avast-antitrack.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-8987

Description

Affected Products

References