Google researcher discovers leaks in Trend Micro’s password manager


Tavis Ormandy of Google’s Project Zero team discovered several vulnerabilities in Trend Micro’s password manager that could allow an attacker to access passwords stored there. It was also possible to run arbitrary code.

One of the vulnerabilities allowed remote code execution. In addition, a total of seventy APIs that give access to the passwords were accessible via the internet. Together, these allowed an attacker to run arbitrary code on a vulnerable device and access all passwords without the user noticing.

Ormandy claims to have fixed the bug ‘in less than thirty seconds’. He goes on to say that “he doesn’t know what to say” about the incident, as the password manager is installed by default with Trend Micro’s antivirus program. The company has since released a patch, delivered via the automatic update function, that fixes the problems, The Register reports.

It’s not the first time Ormandy has discovered critical vulnerabilities in software from other companies, including AVG and ESET. As in the current case, this is often accompanied by colorful statements about the seriousness of the vulnerabilities.
