ZDI-18-411: Trend Micro Encryption for Email Gateway DBCrypto Authentication Weakness Vulnerability
This vulnerability allows attackers to recover user passwords on vulnerable installations of Trend Micro Encryption for Email Gateway. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability. The specific flaw exists within the DBCrypto class. When storing user passwords, the process stores them in a recoverable format using a hard-coded key. An attacker can then leverage this vulnerability to decrypt existing passwords.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro Encryption for Email Gateway |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/title
- agent/severity
- agent/references
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-18-411
- alias/ZDI-CAN-5513
- alias/CVE-2018-10355
- agent/software-canonical-lookup
- vendor/trend micro
- canonical/trend micro encryption for email gateway