10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7 High
AI Score
Confidence
Low
0.081 Low
EPSS
Percentile
94.3%
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to “stored decrypted user logon information.”
CPE | Name | Operator | Version |
---|---|---|---|
trend_micro:officescan | trend micro officescan | eq | 8.0 |
labs.idefense.com/intelligence/vulnerabilities/display.php?id=558
osvdb.org/36628
secunia.com/advisories/25778
www.securityfocus.com/bid/24641
www.securityfocus.com/bid/24935
www.securitytracker.com/id?1018320
www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt
www.vupen.com/english/advisories/2007/2330
exchange.xforce.ibmcloud.com/vulnerabilities/35052