Trend Micro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords.
Trend Micro ScanMail for Microsoft Exchange Administrative Credential Disclosure
Local Access Required
Loss of Confidentiality, Loss of Integrity
Trend Micro Virus Wall contains a flaw that may lead to unauthorized password exposure. It is possible to gain access to administrative passwords by reading the registry keys. These passwords are stored using XOR encryption, which is trivial to break.
Upgrade to version 5.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workarounds:
Set the permissions on the following registry keys (and all sub-keys) to Full Control for Administrators and SYSTEM, and remove all other permissions:
HKLM\Software\TrendMicro\ScanMail for Exchange\RemoteManagement
HKLM\Software\TrendMicro\ScanMail for Exchange\UserInfo
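
One way to check and apply the workaround above, as an added example that is not vendor or advisory code: the script lists every ACE on the two keys and their sub-keys that belongs to a principal other than Administrators or SYSTEM. The `-Fix` switch is this example's own name; it assumes an elevated PowerShell session on the ScanMail host.

```powershell
# Added example, not vendor code. Run elevated on the ScanMail host.
# Without -Fix the script only reports; with -Fix it rewrites the ACLs.
param([switch]$Fix)

$roots = @(
    'HKLM:\Software\TrendMicro\ScanMail for Exchange\RemoteManagement',
    'HKLM:\Software\TrendMicro\ScanMail for Exchange\UserInfo'
)
# Well-known SIDs: BUILTIN\Administrators and NT AUTHORITY\SYSTEM
$allowed = @('S-1-5-32-544', 'S-1-5-18')
$sidType = [System.Security.Principal.SecurityIdentifier]

# Protected DACL (nothing inherited from the parent key) that grants
# Full Control to the two allowed principals and to nobody else.
$locked = New-Object System.Security.AccessControl.RegistrySecurity
$locked.SetAccessRuleProtection($true, $false)
foreach ($sid in $allowed) {
    $id   = New-Object System.Security.Principal.SecurityIdentifier($sid)
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $id, 'FullControl', 'ContainerInherit', 'None', 'Allow')
    $locked.AddAccessRule($rule)
}

foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Warning "Key not found: $root"
        continue
    }
    # The workaround covers each key and all of its sub-keys.
    $keys = @(Get-Item -LiteralPath $root) +
            @(Get-ChildItem -LiteralPath $root -Recurse)
    foreach ($k in $keys) {
        $acl = Get-Acl -LiteralPath $k.PSPath
        # Explicit and inherited ACEs, with trustees returned as SIDs
        $extra = @($acl.GetAccessRules($true, $true, $sidType) |
            Where-Object { $allowed -notcontains $_.IdentityReference.Value })
        foreach ($ace in $extra) {
            '{0}: {1} {2} {3}' -f $k.Name, $ace.IdentityReference,
                $ace.AccessControlType, $ace.RegistryRights
        }
        if ($Fix) {
            Set-Acl -LiteralPath $k.PSPath -AclObject $locked
            '{0}: ACL replaced' -f $k.Name
        }
    }
}
```

Run it once without `-Fix` and keep the output as a record of which principals could read the stored credentials before the change.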