Outdated Password Hashing in Trend Micro Messaging Security Appliance
CVE-2020-27693

4.4MEDIUM

Key Information:

Vendor

Trend Micro
Status
Trend Micro Interscan Messaging Security Virtual Appliance (imsva)
Vendor
CVE Published:
9 November 2020

What is CVE-2020-27693?

The Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 contains a vulnerability where administrative passwords are stored using outdated hashing algorithms. This practice can expose sensitive credentials and increase the risk of unauthorized access, potentially leading to severe security breaches. Organizations utilizing this appliance should take immediate action to update their security practices and ensure stronger password management.

Affected Version(s)

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1

References

https://success.trendmicro.com/solution/000279833
x_refsource_MISC
https://sec-consult.com/en/blog/advisories/vulnerabilitie...
x_refsource_MISC

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.