Violation Type:Software Connection Hijacking
|Avast Antivirus/V2||Avast Antivirus|
A piece of software on an end system performs a Man-in-the-Middle attack on connections, supposedly for a benign purpose. This will usually involve installing a custom root CA in the system's trust store, so as to enable the interception of TLS traffic.
This practice is hazardous. It obfuscates the true certificate issuer and prevents browser security features such as certificate pinning from working correctly. See also the ISP equivalent, NHIJACK.