Avira Vulnerability Puts Users' Online Backup Data At Risk
A popular Anti-virus software Avira that provides free security software to its customers with Secure Backup service is vulnerable to a critical web application vulnerability that could allow an attacker to take over users' account, putting millions of its users' account at risk.

Avira is very popular for their free security software that comes with its own real-time protection module against malware and a secure backup service. Avira was considered to be the sixth largest antivirus vendor in 2012 with over 100 million customers worldwide.

A 16 year-old security researcher 'Mazen Gamal' from Egypt told The Hacker News that Avira Website is vulnerable to CSRF (Cross-site request forgery) vulnerability that allows him to hijack users' accounts and access to their online secure cloud backup files.
Cybersecurity

CSRF VULNERABILITY TO ACCOUNT TAKEOVER
Cross-Site Request Forgery (CSRF or XSRF) is a method of attacking a Web site in which an intruder masquerades as a legitimate and trusted user. All the attacker need to do is get the target browser to make a request to your website on their behalf by convincing the victim to click on a specially crafted HTML exploit page.

Basically, an attacker will use CSRF exploit to trick a victim into accessing a URL link that contains malicious requests which will replace victim's email ID on Avira account with attacker's email ID, compromising victim's account in just one click, explained Gamal.

VICTIM BACKUP FILES
After replacing the email address, an attacker can easily reset the password of victim's account through forget password option, as it will send the password reset link to attacker's email ID only.

Once hijacked, the attacker would be able to retrieve all the online backup files the victim have on his/her AVIRA account by simply using the same credentials to login into the user's Online backup Software or at https://dav.backup.avira.com/.
"I found a CSRF vulnerability in Avira can lead me to full account takeover of any Avira user account," Gamal said via an email to The Hacker News. "The impact of the account takeover allowed me to Open the Backup files of the victim and also view the license codes for the affected user."
Gamal also provided Proof-of-Concept video that explains the full story

Gamal reported the flaw to the Avira Security Team on 21st August. The team responded positively and patched the CSRF bug on their website, but the Secure online backup service is still vulnerable to hackers until Avira will not offer a offline password layer for decrypting files locally.

Mazen Gamal has been listed in a number of tech firms including Google, Facebook and Twitter for reporting several vulnerabilities in past.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.