SQL injection in Trend Micro's Control Manager
Contributed by: Email on 10/01/2012 03:43 PM
Of all things, Trend Micro's platform for centralized security management is vulnerable to SQL injection attacks. According to US-CERT, versions 5.5 and 6.0 of the Trend Micro Control Manager are vulnerable. The company has provided patches for both affected versions.
The vulnerability in question is a blind SQL injection, which means the web frontend does not divulge any information from the database. According to a report by security consulting firm Spentera, which includes a proof-of-concept, the vulnerable system can be made to leak information such as password hashes by analyzing the timing of SQL queries.