Intrusion Prevention

TrendMicro.OfficeScan.Authentication.Bypass

Description

A vulnerability has been reported in Trend Micro OfficeScan. It can be exploited by attackers to bypass certain security restrictions or to compromise a vulnerable system.
An error within cgiChkMasterPwd.exe can be exploited to bypass the authentication mechanism of the web management interface by sending a specially crafted request where the encryption string and hash are empty.

Affected Products

Trend Micro OfficeScan Corporate Edition versions 8.0, 7.3, 7.0, 6.5
Trend Micro OfficeScan 6.0 in Client/Server/Messaging Suite for SMB 2 and
Client Server Messaging Security versions 3.6, 3.5, and 3.0

Impact

Compromise of the affected system.

CVE References

CVE-2007-3455