Trend Micro Products Web Management Authentication Bypass
22 Aug. 2008
Summary
"Protect your desktops, laptops, and file servers with OfficeScan, comprehensive security against today's complex, blended threats and Web-based attacks." Secunia Research has discovered a vulnerability in certain Trend Micro products, which can be exploited by malicious people to bypass authentication.
Vulnerable Systems:
* Trend Micro OfficeScan version 7.0
* Trend Micro OfficeScan version 7.3
* Trend Micro OfficeScan version 8.0
* Worry-Free Business Security version 5.0
* Trend Micro Client/Server/Messaging Suite version 3.5
* Trend Micro Client/Server/Messaging Suite version 3.6
The vulnerability is caused by insufficient entropy being used to create the random session token that identifies an authenticated manager in the web management console. The entropy in the session token comes solely from the system time at which the real manager logs in, with a granularity of one second. This can be exploited to impersonate a currently logged-on manager by brute-forcing the authentication token.
Successful exploitation further allows execution of arbitrary code via manipulation of the configuration.
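The following Python is an added illustration of the weakness the advisory describes; it is not Trend Micro's code and makes no claim about how the affected products derive their tokens. A hypothetical generator whose only variable input is the login time, truncated to whole seconds, is placed beside a CSPRNG-based generator, and a small audit helper counts how many distinct tokens each can produce for a set of constructed login timestamps. The token format, the session store and the timestamp values are all assumptions chosen for the example.

```python
import hashlib
import math
import secrets
from typing import Callable, Iterable, Optional

# Hypothetical weak generator (not the vendor's code): the only variable input
# is the login time truncated to whole seconds, which is the property the
# advisory describes. Hashing the value does not add entropy; the number of
# possible tokens is still bounded by the number of seconds in the window.
def weak_session_token(login_time: float) -> str:
    seconds = int(login_time)                      # one-second granularity
    return hashlib.sha1(str(seconds).encode()).hexdigest()

# Hardened generator: 32 bytes (256 bits) from the OS CSPRNG, independent of
# time. The login_time argument is ignored; it is kept only so both generators
# can be run through the same audit helper.
def strong_session_token(login_time: float = 0.0) -> str:
    return secrets.token_hex(32)

def count_distinct(generate: Callable[[float], str],
                   login_times: Iterable[float]) -> int:
    """Audit helper: how many distinct tokens does a generator produce for the
    given login timestamps? A sound generator yields one per login."""
    return len({generate(t) for t in login_times})

def effective_entropy_bits(generate: Callable[[float], str],
                           login_times: Iterable[float]) -> float:
    """Observed upper bound on token entropy: log2 of the distinct token count.
    For the time-seeded generator this is bounded by the window size in seconds;
    for the CSPRNG it is bounded only by the size of the sample."""
    return math.log2(count_distinct(generate, login_times))

def audit_generators() -> dict:
    # Constructed timestamps: three logins inside the same wall-clock second,
    # then one login per second across a ten-minute window.
    same_second = [1_219_400_000.0, 1_219_400_000.4, 1_219_400_000.9]
    ten_minutes = [1_219_400_000.0 + i for i in range(600)]
    return {
        "weak_same_second": count_distinct(weak_session_token, same_second),
        "weak_ten_minutes": count_distinct(weak_session_token, ten_minutes),
        "strong_ten_minutes": count_distinct(strong_session_token, ten_minutes),
        "weak_bits_over_window": effective_entropy_bits(weak_session_token, ten_minutes),
    }

class SessionStore:
    """Server-side session table keyed by a CSPRNG token. Validation uses a
    constant-time comparison so the check itself leaks nothing about stored
    tokens; the security rests on the token being unguessable, not on secrecy
    of the generation algorithm."""

    def __init__(self) -> None:
        self._sessions: dict[str, str] = {}

    def login(self, manager: str) -> str:
        token = strong_session_token()
        self._sessions[token] = manager
        return token

    def authenticate(self, presented: str) -> Optional[str]:
        for token, manager in self._sessions.items():
            if secrets.compare_digest(token, presented):
                return manager
        return None

if __name__ == "__main__":
    print(audit_generators())
    store = SessionStore()
    t = store.login("admin")
    print(store.authenticate(t), store.authenticate("0" * 64))
```

Running the audit shows the weak generator collapsing three logins in one second to a single token and producing at most 600 distinct tokens (just over 9 bits) over a ten-minute window, while the CSPRNG generator yields a fresh 256-bit token for every login. The same distinct-count check is a cheap way to test any session-token implementation during a review: generate tokens rapidly and confirm that none repeat.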
Solution:
The vendor has issued patches for Trend Micro OfficeScan 8.0 and Worry-Free Business Security 5.0.
Fixes for other affected versions should be available shortly.
Time Table:
12/08/2008 - Vendor notified.
12/08/2008 - Vendor response.
16/08/2008 - Vendor provides status update.
22/08/2008 - Vendor issues patches for some of the affected products.
22/08/2008 - Public disclosure.