ISS X-Force Database: trend-micro-token-security-bypass(44597): Multiple Trend Micro products session token security bypass

Multiple Trend Micro products session token security bypass

trend-micro-token-security-bypass (44597)

Medium Risk

Description:

Multiple Trend Micro products could alow a remote attacker from within the local network to bypass security restrictions, caused by a lack of entropy in a random session token used to identify an authenticated manager on the Web management console. By guessing the authentication token, a remote attacker could exploit this vulnerability using a brute force attack and bypass the authentication process to impersonate a currently logged on administrator and possibly execute arbitrary code on the vulnerable system with the privileges of the victim.

Platforms Affected:

Trend Micro, Client Server Messaging Suite 3.5
Trend Micro, Client Server Messaging Suite 3.6
Trend Micro, OfficeScan 7.0
Trend Micro, OfficeScan 7.3
Trend Micro, OfficeScan 8.0
Trend Micro, Worry-Free Business Security 5.0

Remedy:

For Trend Micro OfficeScan 8.0 Service Pack 1:
Apply the patch for this vulnerability (B2402.exe), available from the Trend Micro Web site. See References.

For Trend Micro OfficeScan 8.0:
Apply the patch for this vulnerability (B1351.exe), available from the Trend Micro Web site. See References.

For Trend Micro OfficeScan 8.0 Service Pack 1 Patch 1:
Apply the patch for this vulnerability (B3037.exe), available from the Trend Micro Web site. See References.

For Trend Micro Worry-Free Business Security 5.0:
Apply the patch for this vulnerability (B1404.exe), available from the Trend Micro Web site. See References.

Consequences:

Bypass Security

References:

Secunia Research 22/08/2008, Trend Micro Products Web Management Authentication Bypass at http://secunia.com/secunia_research/2008-31/advisory/.
Trend Micro Web site, Trend Micro OfficeScan 8.0 Service Pack 1 Critical Patch - Build 2402 at http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2402_readme.txt.
Trend Micro Web site, Worry-Free Business Security 5.0 - Security Server Critical Patch - Build 1404 at http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5%200_EN_CriticalPatch1404.txt.
BID-30792: Trend Micro Web Management Authentication Bypass Vulnerability
CVE-2008-2433: The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified manipulation of the configuration.
SA31373: Trend Micro Products Web Management Authentication Bypass
SECTRACK ID: 1020732: Trend Micro OfficeScan Insufficient Randomization Lets Remote Users Bypass Web Console Authentication
VUPEN/ADV-2008-2421: Trend Micro Web Management Authentication Bypass Vulnerability

Reported:

Aug 22, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page