Authentication Bypass in Trend Micro OfficeScan Versions 3.0 to 5.x
CVE-2003-1341

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Officescan; Virus Buster
Vendor: CVE Published:; 31 December 2003

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2003-1341?

The default installation of Trend Micro OfficeScan versions 3.0 through 3.54 and 5.x is susceptible to an authentication bypass vulnerability. This flaw allows remote attackers to gain unauthorized access to the web management console by directly requesting the cgiMasterPwd.exe script, circumventing the authentication gate provided by cgiChkMasterPasswd.exe. This can lead to significant security risks, including unauthorized changes to the system settings and exposure of sensitive information. Organizations using these versions should consider updating their software and reviewing their security configurations.

References

http://www.osvdb.org/6181

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/7881

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/11059

vdb-entryx_refsource_XF

EPSS Score

6% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 14, 2007
Vulnerability published
Dec 31, 2003