Lucene search

[email protected]NVD:CVE-2020-15024

HistorySep 10, 2020 - 6:15 p.m.

CVE-2020-15024

2020-09-1018:15:12

CWE-459

CWE-212

[email protected]

web.nvd.nist.gov

avast antivirus

password manager

windows main memory

logout

lock vault

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.

Affected configurations

Nvd

Node

avastantivirusMatch20.1.5069.562

VendorProductVersionCPE
avastantivirus20.1.5069.562cpe:2.3:a:avast:antivirus:20.1.5069.562:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
avast	antivirus	20.1.5069.562	cpe:2.3:a:avast:antivirus:20.1.5069.562:::::::*

References

nestedif.com/avast-antivirus-password-manager-vulnerability-improper-session-handling-leading-to-information-disclosure-advisory/

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2020-15024

prion1 cnvd1 cvelist1 cve1