CVE-2020-15024Improper Removal of Sensitive Information Before Storage or Transfer in Antivirus

CWE-212Improper Removal of Sensitive Information Before Storage or TransferCWE-459Incomplete CleanupCWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 83.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Avast Antivirus
Timeline
PublishedSep 10
Latest updateMay 24

Description

An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDavast/antivirus20.1.5069.562

🔴Vulnerability Details

2
GHSA
GHSA-mv65-7xv7-wp7j: An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 202022-05-24
CVEList
CVE-2020-15024: An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 202020-09-10
CVE-2020-15024 — Avast Antivirus vulnerability | cvebase