CVE-2008-2433

The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration."
Configurations

Configuration 1

cpe:2.3:a:trend_micro:worry_free_business_security:5.0:*:*:*:*:*:*:*
cpe:2.3:a:trend_micro:client_server_messaging_suite:3.5:*:*:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:8.0:*:*:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:7.0:*:*:*:*:*:*:*
cpe:2.3:a:trend_micro:client_server_messaging_suite:3.6:*:*:*:*:*:*:*

Information

Published : 2008-08-27 08:41

Updated : 2018-10-11 08:41


NVD link : CVE-2008-2433

Mitre link : CVE-2008-2433

Products Affected
No products.
CWE