CVE-2007-3455

Name of the Vulnerable Software and Affected Versions Trend Micro OfficeScan Corporate Edition versions prior to 8.0.0.142

Description The issue allows remote attackers to bypass the password requirement and gain access to the Management Console. This can be achieved via an empty hash and empty encrypted password string or through crafted HTTP headers. The problem is related to stored decrypted user logon information.

Recommendations For versions prior to 8.0.0.142, update to version 8.0.0.142 or later to resolve the issue. As a temporary workaround, consider restricting access to the Management Console to minimize the risk of exploitation.