First published: Wed Aug 27 2008(Updated: )
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration."
Credit: PSIRT-CNA@flexerasoftware.com PSIRT-CNA@flexerasoftware.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trend Micro Client Server Messaging Suite | =3.5 | |
Trend Micro Client Server Messaging Suite | =3.6 | |
Trend Micro OfficeScan | =7.0 | |
Trend Micro OfficeScan | =7.3 | |
Trend Micro OfficeScan | =8.0 | |
Trend Micro Worry Free Business Security | =5.0 | |
Trendmicro Client Server Messaging Suite | =3.5 | |
Trendmicro Client Server Messaging Suite | =3.6 | |
Trendmicro Officescan | >=7.0<=8.0 | |
Trendmicro Worry-free Business Security | =5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.