A well known Anti-virus application, Avira, which offers free security software to customers all over the world, with Secure Backup services is susceptible to a crucial web application vulnerability that may allow an attacker to take over users’ account, putting countless users in danger.
Avira is quite popular because of their free security suite that includes its own real-time protection module against malware and a secure backup service. Avira was thought to be the sixth largest antivirus vendor in 2012 with more than 100 million customers globally.
A 16 year-old security researcher, ‘Mazen Gamal’ from Egypt stated that that Avira’s Website is vulnerable to CSRF (Cross-site request forgery) vulnerability that enables him to hijack users’ accounts and gain entry to their online secure cloud backup files.
Gamal revealed the flaw to the Avira Security Team on August 21st. The team answered positively and patched the CSRF bug on their site, but the Secure online backup service is still susceptible to hackers until Avira will not offer a offline password layer for decrypting files locally.
You can view the vulnerability in a action here: