Message-ID: <000601c4f99d$86ee91a0$0201a8c0@CIRT>
From: advisory at cirt.dk (CIRT Advisory)
Subject: Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack

The web application is vulnerable to a replay attack, meaning that the username and password are encrypted but no form of timestamp is used to make this mechanism more advanced and secure.

If it is possible to sniff the traffic when a user logs in to the administrative interface, it is possible to replay this sequence and get a valid login session, with the rights of the user.

The vendor's response to this was that it is a feature, not a vulnerability, and that all the others also have this problem.

Read the full advisory at http://www.cirt.dk/advisories/cirt-28-advisory.pdf

----------------------------------------------------------------------
Danish Incident Response Team
http://www.cirt.dk
----------------------------------------------------------------------
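
The following is an added example, not code from the advisory or from the vendor's product. It contrasts a login value that is identical on every login (replayable, as the advisory describes) with a server-issued, single-use, time-limited challenge. The HMAC construction, the names LoginVerifier, mac and demo, the secret and the 30-second limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

SECRET = b"constructed-demo-secret"  # constructed sample credential
MAX_AGE = 30  # seconds a challenge stays valid (assumed value)

def mac(secret, *parts):
    return hmac.new(secret, "|".join(parts).encode(), hashlib.sha256).hexdigest()

class LoginVerifier:
    def __init__(self, secret, now=time.time):
        self.secret, self.now = secret, now
        self.pending = {}  # nonce -> time issued

    def challenge(self):
        nonce = os.urandom(16).hex()
        self.pending[nonce] = self.now()
        return nonce

    def verify_static(self, user, token):
        # Weak form: the expected value never changes, so a captured copy stays valid.
        return hmac.compare_digest(token, mac(self.secret, user))

    def verify_fresh(self, user, nonce, proof):
        issued = self.pending.pop(nonce, None)  # single use: removed on first attempt
        if issued is None or self.now() - issued > MAX_AGE:
            return False
        return hmac.compare_digest(proof, mac(self.secret, user, nonce))

def demo():
    clock = [1000.0]  # controllable clock so the expiry case is deterministic
    v = LoginVerifier(SECRET, now=lambda: clock[0])
    captured = mac(SECRET, "admin")  # what an observer on the wire would record
    out = {"static_first": v.verify_static("admin", captured),
           "static_replay": v.verify_static("admin", captured)}
    nonce = v.challenge()
    proof = mac(SECRET, "admin", nonce)
    out["fresh_first"] = v.verify_fresh("admin", nonce, proof)
    out["fresh_replay"] = v.verify_fresh("admin", nonce, proof)
    stale = v.challenge()
    stale_proof = mac(SECRET, "admin", stale)
    clock[0] += MAX_AGE + 1
    out["fresh_expired"] = v.verify_fresh("admin", stale, stale_proof)
    return out

if __name__ == "__main__":
    print(demo())
```

The static value verifies on every submission, while the challenge-bound proof verifies once and is rejected both when resubmitted and when presented after the time limit.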