CVE-2018-12572

Published: Mar 21, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.

Affected (1)

Products: Avast: Free Antivirus

Avast

1 product

Free Antivirus

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avast Free Antivirus	Before 19.1.2360

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

http://packetstormsecurity.com/files/151590/Avast-Anti-Virus-Local-Credential-Disclosure.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/151590/Avast-Anti-Virus-Local-Credential-Disclosure.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.