First published: Mon Mar 09 2020
Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxy traffic to HTTPS sites but do not validate certificates, so a man-in-the-middle can host a malicious website using a self-signed certificate. No special action is necessary by the victim using AntiTrack with "Allow filtering of HTTPS traffic for tracking detection" enabled (this is the default configuration).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Avast AntiTrack | <1.5.1.172 | |
Avast Avg Antitrack | <2.0.0.178 | |
The vulnerability ID for this issue is CVE-2020-8987.
The affected software includes Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178.
The severity of CVE-2020-8987 is high with a CVSS score of 7.4.
This vulnerability allows a man-in-the-middle to host a malicious website using a self-signed certificate.
To fix this vulnerability, it is recommended to update Avast AntiTrack to version 1.5.1.172 or higher, and AVG Antitrack to version 2.0.0.178 or higher.