CVE-2020-8987
HIGHAvast AntiTrack < 1.5.1.172 and AVG AntiTrack < 2.0.0.178 - Improper Certificate Validation
Title source: llmDescription
Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action necessary by the victim using AntiTrack with "Allow filtering of HTTPS traffic for tracking detection" enabled. (This is the default configuration.)
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast
Third Party Advisory x_refsource_misc
https://www.davideade.com/2020/03/avast-antitrack.html
Scores
CVSS v3
7.4
EPSS
0.0051
EPSS Percentile
39.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-295
Status
published
Products (2)
avast/antitrack
< 1.5.1.172
avast/avg_antitrack
< 2.0.0.178
Published
Mar 09, 2020
Tracked Since
Feb 18, 2026