PT-2008-3901 · Trend Micro · Trend Micro Officescan

Dyon Balding · Published 2008-08-27 · Updated 2024-02-14 · CVE-2008-2433

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Trend Micro OfficeScan versions 7.0 through 8.0; Worry-Free Business Security version 5.0; Client/Server/Messaging Suite versions 3.5 and 3.6
Description: The web management console creates a random session token based only on the login time, making it easier for remote attackers to hijack sessions via brute-force attacks. This issue can be leveraged for code execution through an unspecified manipulation of the configuration.
Recommendations: For Trend Micro OfficeScan versions 7.0 through 8.0, update the software to a version that generates a more secure session token. For Worry-Free Business Security version 5.0, consider implementing additional security measures to prevent brute-force attacks. For Client/Server/Messaging Suite versions 3.5 and 3.6, restrict access to the web management console until a more secure version is available.
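
Added example (not code from the advisory or from Trend Micro): a small audit that contrasts a token computed only from the login time with one drawn from the operating system's CSPRNG. The derivation in time_based_token is a hypothetical stand-in, since the advisory does not publish the product's real one, and the sample login time is constructed.

```python
import hashlib
import math
import secrets


def time_based_token(login_epoch_seconds: int) -> str:
    """Hypothetical weak scheme: the login time is the only input.

    Hashing stretches the output to 256 bits but adds no entropy.
    """
    return hashlib.sha256(str(login_epoch_seconds).encode()).hexdigest()


def csprng_token(nbytes: int = 32) -> str:
    """Hardened scheme: token comes from the OS CSPRNG, independent of time."""
    return secrets.token_hex(nbytes)


def effective_bits(window_seconds: int, ticks_per_second: int = 1) -> float:
    """Upper bound on entropy when the only unknown is a timestamp that
    falls somewhere inside a window of the given length and resolution."""
    return math.log2(window_seconds * ticks_per_second)


def audit(generator, login_time: int) -> dict:
    """Run a generator twice with the same login time.

    An identical result means the token is a pure function of login time,
    which is the weakness class described in this advisory.
    """
    first, second = generator(login_time), generator(login_time)
    return {"output_bits": len(first) * 4, "reproducible": first == second}


# Constructed sample value: 2008-08-27 00:00:00 UTC
SAMPLE_LOGIN = 1219795200

if __name__ == "__main__":
    print("time-based:", audit(time_based_token, SAMPLE_LOGIN))
    print("csprng:    ", audit(lambda _t: csprng_token(), SAMPLE_LOGIN))
    # Both tokens are 256 bits long, but a one-hour window at one-second
    # resolution leaves the time-based token with under 12 bits of entropy.
    print("1h window, 1s ticks: %.2f bits" % effective_bits(3600))
    print("24h window, 1ms ticks: %.2f bits" % effective_bits(86400, 1000))
```

Token length alone is not a useful review criterion: both generators emit 256-bit strings, and only the reproducibility check and the entropy bound tell them apart.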

Fix

Weakness Enumeration

Use of Insufficiently Random Values

Related Identifiers

CVE-2008-2433

Affected Products

Client/Server/Messaging Suite
Trend Micro Officescan
Trend Micro Officescan Server
Worry-Free Business Security