Partick Hussey

Name of the Vulnerable Software and Affected Versions: Trend Micro Vulnerability Protection version 2.0 SP2 Description: The issue is related to an authentication bypass vulnerability when LDAP authentication is enabled. This could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication can prevent this attack. It is also mentioned that the vulnerability is related to deficiencies in authentication, which can be exploited by a remote attacker to elevate privileges. Recommendations: For Trend Micro Vulnerability Protection version 2.0 SP2, consider enabling multi-factor authentication to prevent the attack. As a temporary workaround, avoid using LDAP authentication until a patch is available. If possible, switch to manager native authentication or SAML authentication, as installations using these methods are not impacted by this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Deep Security versions 10.x through 12.x **Description** The issue allows an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication if LDAP authentication is enabled. Enabling multi-factor authentication can prevent this attack. Installations using manager native authentication or SAML authentication are not impacted. **Recommendations** For Trend Micro Deep Security versions 10.x through 12.x, enable multi-factor authentication to prevent the authentication bypass attack.