Friday, March 24, 2017
Home / Security / Exploits / Avira CSRF Vulnerability puts Users at Risk

Avira CSRF Vulnerability puts Users at Risk

A well known Anti-virus application, Avira, which offers free security software to customers all over the world, with Secure Backup services is susceptible to a crucial web application vulnerability that may allow an attacker to take over users’ account, putting countless users in danger.

Avira is quite popular because of their free security suite that includes its own real-time protection module against malware and a secure backup service. Avira was thought to be the sixth largest antivirus vendor in 2012 with more than 100 million customers globally.

A 16 year-old security researcher, ‘Mazen Gamal’ from Egypt stated that that Avira’s Website is vulnerable to CSRF (Cross-site request forgery) vulnerability that enables him to hijack users’ accounts and gain entry to their online secure cloud backup files.

Gamal revealed the flaw to the Avira Security Team on August 21st. The team answered positively and patched the CSRF bug on their site, but the Secure online backup service is still susceptible to hackers until Avira will not offer a offline password layer for decrypting files locally.

You can view the vulnerability in a action here:

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …