Google researcher discovered vulnerabilities in password manager of Trend Micro

Jan

13

2016

Tavis Ormandy of Google’s Project Zero team discovered several vulnerabilities in the password manager of Trend Micro, allowing an attacker could have access to the passwords stored there. It was also possible to execute arbitrary code.

The vulnerability is a remote code execution, which consisted besides the fact that a total of seventy APIs that provide access to the passwords were accessible via the internet. This allows an attacker could execute arbitrary code on a vulnerable machine, and he had access to all the passwords without the user would notice anything about it.

Ormandy claims the bug in less than thirty seconds “Having established. Further, he says that he does not know what to say “about the incident, since the password manager is installed by default with the antivirus software from Trend Micro. The company has released a patch that solves the problems via the automatic update feature, as reports The Register.

It is not the first time that Ormandy discovered critical vulnerabilities in software from other companies, including AVG and ESET. Often this, as in the present case, combined with colorful statements about the severity of the vulnerabilities.

Viewing:-111

In: Technology & Gadgets Asked By: [15171 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »