Avira – Critical CSRF flaw Vulnerability puts millions users at risk

Discussion in 'other security issues & news' started by Minimalist, Sep 21, 2014.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,054
  2. Cmhelper

    Cmhelper Registered Member

    Joined:
    May 6, 2014
    Posts:
    137
    Location:
    Tettnang
    Hi,
    Strange that the whole article is giving the expression that this is a current security issue but tells in the bottom line:

    "Gamal has reported the vulnerability to the Avira Security Team on August 21th, the team admitted the flaw and fixed the CSRF bug on their website, but the Secure online backup service “is still vulnerable to hackers until Avira will not offer a offline password layer for decrypting files locally.”"

    This means: No risk since that issue was reported and fixed on the same day, Avira Secure Backup use the same login. Store of encrypted files within a cloud storage and decrypt of the files locally is possible with other free tools.
     
Loading...