Trend Micro OfficeScan Authentication Bypass

2003-01-14T19:43:37
ID OSVDB:6181
Type osvdb
Reporter Rod Boron(rod_boron@yahoo.com)
Modified 2003-01-14T19:43:37

Description

Vulnerability Description

Trend Micro OfficeScan Corporate Edition contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered due to insecure permissions, which could allow a remote attacker to bypass the default cgiChkMasterPwd.exe program and create a login password to gain unauthorized access to the web management interface, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: A tool (CGI_NTFS.exe) is provided with OfficeScan which provides utilities to lock down CGI directory permissions and secure OfficeScan.

Short Description

Trend Micro OfficeScan Corporate Edition contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered due to insecure permissions, which could allow a remote attacker to bypass the default cgiChkMasterPwd.exe program and create a login password to gain unauthorized access to the web management interface, resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/officescan/cgi/cgiMasterPwd.exe

References:

Vendor URL: http://www.trendmicro.com/en/products/desktop/osce/evaluate/overview.htm Vendor Specific Solution URL: http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353 Secunia Advisory ID:7881 Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html ISS X-Force ID: 11059 Bugtraq ID: 6616