Trend Micro Web Management Authentication Bypass Vulnerability

Trend Micro Web Management is prone to an authentication-bypass vulnerability because session tokens are created with insufficient entropy.

Attackers can exploit this issue to gain administrative access to the application. Reports indicate that after gaining access to the management console, attackers may be able to execute arbitrary code by changing the configuration. Due to a lack of information, the context of the code execution is currently unknown. We will update this BID as more information emerges.

The following Trend Micro products are affected:

Trend Micro OfficeScan 7.0, 7.3 and 8.0
Worry-Free Business Security 5.0
Trend Micro Client/Server/Messaging Suite 3.5 and 3.6

Other versions of these products may also be affected.
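
The following is an added example, not code from the advisory or from Trend Micro: a defender-side audit that estimates an upper bound on the entropy of a sample of issued session tokens and flags the sample when that bound is too low. The advisory does not describe the token scheme, so the timestamp-based weak sample, the 64-bit threshold (taken from OWASP session-ID guidance) and all function names are assumptions.

```python
import math
import secrets
from collections import Counter

MIN_BITS = 64  # assumed threshold (OWASP session-ID guidance), not from the advisory

def position_entropy(tokens, i):
    """Shannon entropy in bits of the character at index i across the sample."""
    counts = Counter(t[i] for t in tokens)
    n = len(tokens)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def entropy_upper_bound(tokens):
    """Sum of per-position entropies. Positions are treated as independent,
    so the result is an upper bound on the entropy seen in the sample."""
    if len({len(t) for t in tokens}) != 1:
        raise ValueError("tokens must all have the same length")
    return sum(position_entropy(tokens, i) for i in range(len(tokens[0])))

def audit(tokens, min_bits=MIN_BITS):
    """Flag a token sample whose entropy upper bound is below min_bits."""
    bits = entropy_upper_bound(tokens)
    return {"bits": round(bits, 1), "weak": bits < min_bits}

def weak_sample(n=500, start=1262304000):
    # Constructed data: hypothetical scheme that hex-encodes a timestamp/counter.
    return [format(start + k, "032x") for k in range(n)]

def strong_sample(n=500):
    # Constructed data: 128-bit tokens from the OS CSPRNG.
    return [secrets.token_hex(16) for _ in range(n)]

if __name__ == "__main__":
    print("weak  :", audit(weak_sample()))
    print("strong:", audit(strong_sample()))
```

Only a low result is conclusive: a sample that clears the threshold can still come from a predictable generator, because per-position statistics do not capture structure across positions.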


 

Copyright 2010, SecurityFocus