The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration."
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: flexera
Published: 2008-08-27T20:00:00
Updated: 2024-08-07T08:58:02.597Z
Reserved: 2008-05-27T00:00:00
Link: CVE-2008-2433
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2008-08-27T20:41:00.000
Modified: 2024-02-14T16:01:05.023
Link: CVE-2008-2433
Redhat
No data.