avast! Antivirus Server Edition Password Setting Weakness

Medium Nessus Plugin ID 24280


The remote Windows host contains an application that is susceptible to an authentication bypass issue.


The remote host is running avast! Antivirus Server Edition.

The installed version of this software reportedly does not ask for a password even if one is set. A local attacker may be able to leverage this issue to bypass authentication and manipulate settings of the affected application.


Upgrade to avast! Antivirus Server Edition 4.7.726 or later.

See Also


Plugin Details

Severity: Medium

ID: 24280

File Name: avast_password_setting.nasl

Version: $Revision: 1.15 $

Type: local

Agent: windows

Family: Windows

Published: 2007/02/06

Modified: 2016/05/04

Dependencies: 13855

Risk Information

Risk Factor: Medium


Base Score: 4.4

Temporal Score: 3.8

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2007/02/05

Reference Information

CVE: CVE-2007-0829

BID: 22425

OSVDB: 33114