Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-15024

An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.

Published

2020-09-10T18:15:12.637

Last Modified

2024-11-21T05:04:38.823

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-212
CWE-459

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	avast	antivirus	20.1.5069.562	Yes

References

http://nestedif.com/avast-antivirus-password-manager-vulnerability-improper-session-handling-leading-to-information-disclosure-advisory/ Third Party Advisory, URL Repurposed ([email protected])
http://nestedif.com/avast-antivirus-password-manager-vulnerability-improper-session-handling-leading-to-information-disclosure-advisory/ Third Party Advisory, URL Repurposed (af854a3a-2127-422b-91ae-364da2661108)