CVE-2020-15024

Published: Sep 10, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.

Affected (1)

Products: Avast: Antivirus

Avast

1 product

Antivirus

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avast Antivirus	Version 20.1.5069.562

Related CWEs

CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

CWE-459

Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

References (2)

http://nestedif.com/avast-antivirus-password-manager-vulnerability-improper-session-handling-leading-to-information-disclosure-advisory/

Source: cve@mitre.org

Third Party AdvisoryURL Repurposed

http://nestedif.com/avast-antivirus-password-manager-vulnerability-improper-session-handling-leading-to-information-disclosure-advisory/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryURL Repurposed

Timeline

No history available yet.