Security expert David Eade has discovered a vulnerability (CVE-2020-8987) in Avast and AVG AntiTrack privacy software that could expose end-users to Man-in-The-Middle (MiTM) attacks, browser session hijack, with consequent exposure of sensitive data.
“A remote attacker running a malicious proxy could capture their victim’s HTTPS traffic and record credentials for later re-use. If a site needs two factor authentication (such as a one-time password), then the attacker can still hijack a live session by cloning session cookies after the victim logs in.” reads the advisory published by Eade.