Attacker Value: Unknown (1 user assessed)
Exploitability: Unknown (1 user assessed)
User Interaction: Unknown
Privileges Required: Unknown
Attack Vector: Unknown

TrendMicro Password Manager node.js Unsafe API Calls

Last updated February 13, 2020

Description

When you install TrendMicro Antivirus on Windows, by default a component called Password Manager is also installed and automatically launched on startup. This product is primarily written in JavaScript with node.js, and opens multiple HTTP RPC ports for handling API requests. It took about 30 seconds to spot one that permits arbitrary command execution, openUrlInDefaultBrowser, which eventually maps to ShellExecute().

Technical Analysis

This example will show the domain of the first encrypted password:

https://localhost:49155/api/showSB?url=javascript:topWindow.process.mainModule.exports.Tower.handle.getUserData(function(n){alert(JSON.parse(n).data.passcard[0].Domain)})
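
The checks a local RPC handler like the ones described above needs before it passes a caller-supplied URL to the operating system, as an added example (not code from the original page or from TrendMicro). The header name x-rpc-token, the trusted origin value and all function names are assumptions made for illustration.

```javascript
// Added example; every name below is hypothetical, not TrendMicro's code.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
// Origin of the product's own local UI (constructed value for this example).
const TRUSTED_ORIGINS = new Set(['https://localhost:49155']);

// Compare secrets without an early exit on the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Accept only absolute http(s) URLs. javascript:, file:, drive-letter paths
// (parsed as scheme "c:") and bare program names are all refused before
// anything reaches an OS "open" call such as ShellExecute().
function parseOpenableUrl(raw) {
  if (typeof raw !== 'string' || raw.length > 2048) return null;
  let u;
  try { u = new URL(raw); } catch { return null; }
  if (!ALLOWED_SCHEMES.has(u.protocol)) return null;
  if (u.username || u.password) return null;
  return u;
}

// headers: lower-cased request headers; rawUrl: the "url" query parameter;
// sessionToken: per-install secret shared only with the legitimate client.
function checkOpenRequest(headers, rawUrl, sessionToken) {
  // Listening on localhost is not authentication: any page in the user's
  // browser can send requests there, so require a secret it cannot know.
  if (!constantTimeEqual(headers['x-rpc-token'], sessionToken)) {
    return { ok: false, reason: 'bad token' };
  }
  // Browsers attach Origin to cross-site XHR/fetch; refuse foreign ones.
  const origin = headers['origin'];
  if (origin !== undefined && !TRUSTED_ORIGINS.has(origin)) {
    return { ok: false, reason: 'untrusted origin' };
  }
  const u = parseOpenableUrl(rawUrl);
  if (!u) return { ok: false, reason: 'url rejected' };
  return { ok: true, url: u.href }; // normalized form is what gets opened
}
```

The token check comes first because requests issued by a page through an image or script tag carry no Origin header, so the origin test alone would let them through.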
