avast! Antivirus Server Edition Password Setting Weakness

Medium severity, Nessus Plugin ID 24280

Synopsis

The remote Windows host contains an application that is susceptible to an authentication bypass issue.

Description

The remote host is running avast! Antivirus Server Edition.

The installed version of this software reportedly does not ask for a password even if one is set. A local attacker may be able to leverage this issue to bypass authentication and manipulate settings of the affected application.

Solution

Upgrade to avast! Antivirus Server Edition 4.7.726 or later.

See Also

http://www.nessus.org/u?21384a15

Plugin Details

Severity: Medium

ID: 24280

File Name: avast_password_setting.nasl

Version: 1.16

Type: local

Agent: windows

Family: Windows

Published: 2/6/2007

Updated: 6/27/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 3.3

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/5/2007

Reference Information

CVE: CVE-2007-0829

BID: 22425