CVE Vulnerability

CVE-2007-3455

cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt Patch
http://secunia.com/advisories/25778 Patch Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558
http://www.securityfocus.com/bid/24641
http://www.securityfocus.com/bid/24935
http://www.securitytracker.com/id?1018320
http://www.vupen.com/english/advisories/2007/2330
http://osvdb.org/36628
https://exchange.xforce.ibmcloud.com/vulnerabilities/35052
Configurations

Configuration 1

cpe:2.3:a:trend_micro:officescan:8.0:*:corporate:*:*:*:*:*
Information

Published : 2007-06-27 12:30

Updated : 2017-07-29 01:32

NVD link : CVE-2007-3455

Mitre link : CVE-2007-3455

Products Affected
No products.
CWE
CWE-264