Vulnerability Description
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trend Micro | Officescan | 8.0 |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558
- http://osvdb.org/36628
- http://secunia.com/advisories/25778PatchVendor Advisory
- http://www.securityfocus.com/bid/24641
- http://www.securityfocus.com/bid/24935
- http://www.securitytracker.com/id?1018320
- http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_Patch
- http://www.vupen.com/english/advisories/2007/2330
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35052
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558
- http://osvdb.org/36628
- http://secunia.com/advisories/25778PatchVendor Advisory
- http://www.securityfocus.com/bid/24641
- http://www.securityfocus.com/bid/24935
- http://www.securitytracker.com/id?1018320
FAQ
What is CVE-2007-3455?
CVE-2007-3455 is a vulnerability with a CVSS score of 10.0 (HIGH). cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty h...
How severe is CVE-2007-3455?
CVE-2007-3455 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3455?
Check the references section above for vendor advisories and patch information. Affected products include: Trend Micro Officescan.