Trend Micro Flaw Allows for Theft of Passwords
Posted by: Timothy Weaver on 01/13/2016 10:23 AM
Trend Micro users are at risk of having their passwords stolen. Trend Micro has issued a critical patch for a flaw that allows arbitrary commands to be executed remotely and saved passwords to be stolen from the Password Manager built into its antivirus program.
Tavis Ormandy, a security researcher with Google's Project Zero, discovered the remote code execution flaw in the Password Manager component of Trend Micro Antivirus, which allows hackers to steal users' passwords.
By default, the Password Manager starts a Node.js server on the local computer every time the main antivirus starts. Ormandy found that this Node.js server leaves a number of HTTP RPC ports, used for handling API requests, open to the world.
The API is available at "http://localhost:49155/api/", and through it an attacker could easily download malicious code remotely and execute it on your machine, even without your knowledge.
Ormandy reported the flaw to Trend Micro, and a patch was developed with his help. Trend Micro is asking all of its users to update their software.
Source: The Hacker News