Trend Micro Interscan VirusWall Weak Admin Password Protection Vulnerability

The method used to remotely authenticate the administrator leaves the administrator's username and password encoded in an easily-converted base64 format. This could permit an attacker with sufficient skills and access to the network to obtain and decode the admin password, potentially undermining the system's anti-virus and anti-trojan measures, further jeopardizing the security of the affected host.

In addition, the administrator's password change script (setpasswd.cgi) receives its information in cleartext via the HTTP protocol. This method of transport may allow an attacker eavesdropping on network traffic to obtain administrative access to the Interscan VirusWall configuraiton, and to make changes which may leave the system open to infection and/or further compromises.


Privacy Statement
Copyright 2010, SecurityFocus