Vulnerabilities > CVE-2008-2433 - Use of Insufficiently Random Values vulnerability in Trendmicro products

047910
CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Tags: network, low complexity, trendmicro, CWE-330, critical, nessus

Summary

The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration."

Common Weakness Enumeration (CWE)

  • CWE-330: Use of Insufficiently Random Values

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Brute Force
    In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions. The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space. Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since elimination of patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers. Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

NASL family: Windows
NASL id: TRENDMICRO_MULTIPLE_PRODUCTS_SECURITY_BYPASS_VULN.NASL
description: The remote host is either running Trend Micro OfficeScan or Worry-Free Business Security. The installed version is affected by a security bypass vulnerability because it reportedly implements a weak algorithm to generate random session tokens typically assigned to a successful authentication request. An attacker can easily brute-force the authentication token and gain access to the web console. In some cases it may be possible to execute arbitrary code on the remote system.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 34050
published: 2008-08-27
reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/34050
title: Trend Micro Multiple Products Token Prediction Security Bypass

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 30792. CVE(CAN) ID: CVE-2008-2433. OfficeScan is a distributed anti-virus product that covers an entire network segment. The OfficeScan web management console uses insufficient entropy when creating the random session token that identifies an authenticated administrator. When a legitimate administrator logs in, the session token's entropy comes only from the system time, at a granularity of one second. An attacker can brute-force the authentication token relatively easily, impersonate the currently logged-in administrator, and then take full control of the system by manipulating the configuration. Affected: Trend Micro OfficeScan 8.0, Trend Micro OfficeScan 7.3, Trend Micro OfficeScan 7.0, Trend Micro Worry-Free Business Security 5.0, Trend Micro ----------- The vendor has released patches to fix this issue; download them from the vendor's site: http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_Win_EN_CriticalPatch_B1351.exe http://www.trendmicro.com/ftp/products/patches/WFBS_50_WIN_EN_CriticalPatch_B1404.exe
id: SSV:3912
last seen: 2017-11-19
modified: 2008-08-26
published: 2008-08-26
reporter: Root
title: Trend Micro OfficeScan Web Management Authentication Bypass Vulnerability
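The summary, the Nessus entry and the Seebug entry above all describe the same weakness: the console's session token is derived only from the administrator's login time at one-second granularity, so the space an attacker has to search is the number of seconds in the window during which the administrator could have logged in, not the nominal size of the token. The Python below is an added example, not code from this page or from Trend Micro. Its `weak_session_token` is an assumed model of a time-only derivation (the product's real algorithm is not published here), the timestamps are constructed, and the in-memory `SessionStore` stands in for the web console's session table that a real attacker would probe with HTTP requests carrying candidate cookies. It shows the brute force recovering the live admin session from a one-day window and the same search failing against a token drawn from the OS CSPRNG.

```python
import hashlib
import math
import secrets


def weak_session_token(login_time: float) -> str:
    """Vulnerable pattern (assumed model, not Trend Micro's actual code):
    the only input is the login time truncated to whole seconds. Two logins
    in the same second get the same token, and anyone who can bound the
    login time can enumerate every token that could possibly be live."""
    seed = str(int(login_time)).encode()
    return hashlib.sha1(seed).hexdigest()


def strong_session_token() -> str:
    """Hardened form: 32 bytes from the OS CSPRNG, independent of the clock."""
    return secrets.token_hex(32)


def effective_entropy_bits(candidates: int) -> float:
    """Bits the attacker actually faces: log2 of the candidate count."""
    return math.log2(candidates)


class SessionStore:
    """Server-side table of live sessions: token -> username (constructed
    stand-in for the console's session handling)."""

    def __init__(self):
        self._sessions = {}

    def login(self, user: str, token: str) -> str:
        self._sessions[token] = user
        return token

    def lookup(self, token: str):
        return self._sessions.get(token)


def brute_force_time_token(store: SessionStore, window_start: float, window_seconds: int):
    """Attacker side: derive the token for every whole second in the window
    and present it to the server; the lookup here plays the role of one HTTP
    request with the candidate cookie. Returns (token, user, guesses_made)."""
    for offset in range(window_seconds):
        candidate = weak_session_token(window_start + offset)
        user = store.lookup(candidate)
        if user is not None:
            return candidate, user, offset + 1
    return None, None, window_seconds


def demo() -> dict:
    admin_login = 1219700000.0       # constructed timestamp (Aug 2008), not from a real log
    window = 24 * 3600               # attacker only knows "logged in within the last day"
    window_start = admin_login - 3600  # the window happens to begin an hour before the login

    # Vulnerable console: token is a function of login time only.
    weak_store = SessionStore()
    weak_store.login("admin", weak_session_token(admin_login))
    weak_token, weak_user, weak_guesses = brute_force_time_token(weak_store, window_start, window)

    # Hardened console: the same search has nothing to enumerate.
    strong_store = SessionStore()
    strong_store.login("admin", strong_session_token())
    _, strong_user, strong_guesses = brute_force_time_token(strong_store, window_start, window)

    return {
        "weak_token": weak_token,
        "weak_user": weak_user,
        "weak_guesses": weak_guesses,
        "weak_bits": effective_entropy_bits(window),
        "strong_user": strong_user,
        "strong_guesses": strong_guesses,
        "strong_bits": 256.0,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Against the time-derived token the attacker needs at most 86400 guesses (about 16.4 bits of effective entropy), which is a few minutes of requests against a web console, and the hit yields the live administrator session that the advisories say leads to full control through configuration changes. The hardened token leaves a 256-bit space that the same loop cannot touch. The practical check for any product is the same: if two logins in the same second, or a login at a guessable time, can yield the same session identifier, the identifier is not a secret.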