CVE-2020-8987

2020-03-09T17:15:00
ID CVE-2020-8987
Type cve
Reporter cve@mitre.org
Modified 2020-03-10T18:34:00

Description

Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action necessary by the victim using AntiTrack with "Allow filtering of HTTPS traffic for tracking detection" enabled. (This is the default configuration.)