Views:

Release Date: Aug 31, 2016

Trend Micro Vulnerability Identifier: 2016-0335


Summary

Trend Micro has deployed a fix on the Trend Micro My Account page. This fix resolves a vulnerability in the Trend Micro My Account Forgot Password page that may have allowed someone with malicious intent and with a list of email addresses to identify which one is registered to Trend Micro My Account.

Solution

Trend Micro implemented a fix on the Trend Micro My Account Forgot Password page on August 31, 2016.

Vulnerability Details

This fix resolves a vulnerability in the Trend Micro My Account page where someone with malicious intent and a list of email addresses could have potentially enumerated email addresses of registered users of the website which can then be used for phishing attacks or some other intent.

Trend Micro has not received any reports nor is aware of any actual attacks against the affected website related to this vulnerability at this time.

Acknowledgement

Trend Micro would like to thank Emad Abou Shanab, for responsibly disclosing this issue and working with Trend Micro to help protect our customers.

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

Related Info

Comments (0)
Add a comment