This Remote host is installed with Trend Micro OfficeScan, which is prone to Authentication Bypass Vulnerability.

Remote users can gain administrative access on the target application and allow arbitrary code execution. Impact Level : Application.

Partially Fixed. Fix is available for Trend Micro OfficeScan 8.0 and Worry-Free Business Security 5.0. http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2402.exe http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_Win_EN_CriticalPatch_B1351.exe http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3037.exe http://www.trendmicro.com/ftp/products/patches/WFBS_50_WIN_EN_CriticalPatch_B1404.exe ***** NOTE : Ignore this warning if above mentioned patch is applied already. *****

The flaw is due to insufficient entropy in a random session token used to identify an authenticated manager using the web console.

Trend Micro Client Server Messaging Security (CSM) versions 3.5 and 3.6 Trend Micro OfficeScan Corporate Edition versions 7.0 and 7.3 Trend Micro OfficeScan Corporate Edition version 8.0 Trend Micro Worry-Free Business Security (WFBS) version 5.0

• http://secunia.com/advisories/31373/
• http://securitytracker.com/alerts/2008/Aug/1020732.html

---

Updated on 2015-03-25