Description
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
Affected products
- Trend Micro / officescan3.0 – 3.0
- Trend Micro / officescan3.0 – 3.0
- Trend Micro / officescan3.1.1 – 3.1.1
- Trend Micro / officescan3.5 – 3.5
- Trend Micro / officescan3.5 – 3.5
- Trend Micro / officescan3.11 – 3.11
- Trend Micro / officescan3.11 – 3.11
- Trend Micro / officescan3.13 – 3.13
- Trend Micro / officescan3.13 – 3.13
- Trend Micro / officescan3.54 – 3.54
- Trend Micro / virus_buster3.52 – 3.52
- Trend Micro / virus_buster3.53 – 3.53
- Trend Micro / virus_buster3.54 – 3.54
References
- MISChttp://www.osvdb.org/6181
- VENDOR_ADVISORYhttp://secunia.com/advisories/7881
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/11059
- MISChttp://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353
- MISChttp://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html
- MISChttp://www.securityfocus.com/bid/6616