|
Family: CGI abuses --> Category: infos
OfficeScan configuration file disclosure Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of /officescan/hotdownload/ofscan.ini
Detailed Explanation for this Vulnerability Test
Trend Micro OfficeScan Corporate Edition (Japanese version: Virus
Buster Corporate Edition) web-based management console let anybody
access /officescan/hotdownload without authentication.
Reading the configuration file /officescan/hotdownload/ofcscan.ini
will reveal information on your system. More, it contains passwords
that are encrypted by a weak specific algorithm
so they might be
decrypted
Solution : upgrade OfficeScan
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|