QwikSec

Security Database

CVE

CWE

Training

CVE-2008-2433

Published: Aug 27, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

trend-micro-token-security-bypass(44597)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SREASON

http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2402_readme.txt

x_refsource_CONFIRM

http://secunia.com/secunia_research/2008-31/advisory/

x_refsource_MISC

http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5%200_EN_CriticalPatch1404.txt

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_SECTRACK

20080822 Secunia Research: Trend Micro Products Web Management Authentication Bypass

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.