14 DAY TRIAL // In April, security researcher Benjamin Kunz Mejri, the founder and CEO of Vulnerability Lab identified a series of security flaws in DirectPass v1.5.0.1060, Trend Micro’s cloud-based password manager software that allows users to store their passwords and login IDs in one secure location.
The first vulnerability, catalogued as a “medium” risk vulnerability, allowed a local attacker to inject arbitrary commands from a low-privilege system user account to compromise the software.
“The vulnerability is located in the DirectPass master password setup module of the Trend Micro InstallWorkspace.exe file. The master password module of the software allows users to review the included password in the secound step for security reason,” reads the advisory provided by Vulnerability Lab to Softpedia.
“The hidden protected master password will only be visible in the check module when the customer is processing to ‘mouseover’ onto the censored password field. When the software is processing to display the hidden password in plain the command/path injection will be executed out of the not parsed master password context in the field listing.”
The second issue was a persistent input validation vulnerability that plagued the “directpass check” module and it could be triggered when “processing to list a manipulated master password.”
The vulnerability, which required medium user interaction, could be leveraged for persistent session hijacking, phishing, module context manipulation and persistent redirects to malicious websites.
The third and final bug was a critical pointer (DOS) vulnerability that could be exploited by a local attacker to crash the application or compromise the bound dynamic link library (libcef).“Attackers can inject scripts with loops to mouseover multiple times the hidden password check listing of the master password. The result is a stable crash down of the InstallWorkspace.exe. The problem occurs in the libcef.dll (1.1.0.1044) of the Trend Micro DirectPass v1.5.0.1060 software core,” Benjamin Kunz Mejri explained.
Vulnerability Lab has published the details of the security holes because Trend Micro has addressed them.“Trend Micro was cooperative and confirmed the zero day vulnerabilities in the cloud service software. The developer team is providing a full patch for all 3 issues since May to address the bugs in the software core,” the expert noted.
The complete proof of concept and additional technical details are available here. The company has also provided a demonstration video:
