Release Date: Aug 31, 2016
Trend Micro Vulnerability Identifier: 2016-0335
Summary
Trend Micro has deployed a fix on the Trend Micro My Account page. This fix resolves a vulnerability in the Trend Micro My Account Forgot Password page that may have allowed someone with malicious intent and with a list of email addresses to identify which one is registered to Trend Micro My Account.
Solution
Trend Micro implemented a fix on the Trend Micro My Account Forgot Password page on August 31, 2016.
Vulnerability Details
This fix resolves a vulnerability in the Trend Micro My Account page where someone with malicious intent and a list of email addresses could have potentially enumerated email addresses of registered users of the website which can then be used for phishing attacks or some other intent.
Trend Micro has not received any reports nor is aware of any actual attacks against the affected website related to this vulnerability at this time.
Acknowledgement
Trend Micro would like to thank Emad Abou Shanab, for responsibly disclosing this issue and working with Trend Micro to help protect our customers.
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.