Avira ("Little Red Umbrella") exposed to a serious vulnerability: hackers can hijack user accounts

ID MYHACK58:62201453918
Type myhack58
Reporter Anonymous
Modified 2014-09-22T00:00:00



Avira, the well-known "red umbrella" antivirus, is free security software. Its secure backup service, however, has a serious web application vulnerability that lets an attacker hijack user accounts, so millions of users could, with a moment's carelessness, become "meat on the chopping block."

Avira is well-known free security software, and its real-time protection module and secure backup service are very popular. Avira was rated the sixth-largest antivirus vendor of 2012 and has more than 10 million users around the world.

A 16-year-old Egyptian security researcher, Mazen Gamal, recently found a CSRF vulnerability on the Avira website that lets him hijack a user account and access the user's online secure cloud backup files.

Using CSRF to hijack user accounts

CSRF (cross-site request forgery), also known as a one-click attack or session riding and usually abbreviated as CSRF or XSRF, is a malicious exploitation of a website. The attacker disguises a request as coming from a trusted user in order to abuse a site that trusts that user.

Gamal further explained that, in general, an attacker exploits CSRF by tricking the victim into visiting a URL that carries a malicious request; the moment the victim clicks the link, the email address on the Avira account ID is replaced.
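
A server-side check that rejects the kind of forged email-change request described above, as an added example (not Avira's code and not part of the original article). The handler, request fields, session store and `https://account.example` origin are hypothetical, and the sample requests are constructed.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)        # assumption: per-deployment secret
TRUSTED_ORIGIN = "https://account.example"  # placeholder for the site's own origin


def issue_csrf_token(session_id):
    """Token bound to one session; the site embeds it in its own email-change form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def change_email(request, accounts):
    """Hypothetical email-change handler; returns (status, message)."""
    session_id = request.get("session_id")  # cookie the browser attaches automatically
    if session_id not in accounts:
        return 401, "not logged in"
    if request.get("method") != "POST":
        return 405, "state changes must use POST"
    if request.get("origin") != TRUSTED_ORIGIN:
        return 403, "cross-origin request rejected"
    form = request.get("form", {})
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(form.get("csrf_token", "").encode(), expected.encode()):
        return 403, "missing or invalid CSRF token"
    if not form.get("email"):
        return 400, "email required"
    accounts[session_id]["email"] = form["email"]
    return 200, "email updated"


def demo():
    """Constructed requests: one forged by a third-party page, one from the real form."""
    accounts = {"sess-1": {"email": "user@example.com"}}
    forged = {"method": "POST", "session_id": "sess-1",
              "origin": "https://other-site.example",
              "form": {"email": "someone-else@example.net"}}
    legit = {"method": "POST", "session_id": "sess-1", "origin": TRUSTED_ORIGIN,
             "form": {"email": "new@example.com",
                      "csrf_token": issue_csrf_token("sess-1")}}
    return change_email(forged, accounts), change_email(legit, accounts), accounts


if __name__ == "__main__":
    print(demo())
```

The forged request carries a valid session cookie but fails the origin check, and would fail the token check even with a spoofed origin, so the stored address stays unchanged.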
