Trend Micro Web Management Authentication Bypass Vulnerability

Summary
This Remote host is installed with Trend Micro OfficeScan, which is prone to Authentication Bypass Vulnerability.
Impact
Remote users can gain administrative access on the target application and allow arbitrary code execution. Impact Level : Application.
Solution
Partially Fixed. Fix is available for Trend Micro OfficeScan 8.0 and Worry-Free Business Security 5.0. http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2402.exe http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_Win_EN_CriticalPatch_B1351.exe http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3037.exe http://www.trendmicro.com/ftp/products/patches/WFBS_50_WIN_EN_CriticalPatch_B1404.exe ***** NOTE : Ignore this warning if above mentioned patch is applied already. *****
Insight
The flaw is due to insufficient entropy in a random session token used to identify an authenticated manager using the web console.
Affected
Trend Micro Client Server Messaging Security (CSM) versions 3.5 and 3.6 Trend Micro OfficeScan Corporate Edition versions 7.0 and 7.3 Trend Micro OfficeScan Corporate Edition version 8.0 Trend Micro Worry-Free Business Security (WFBS) version 5.0
References