Description
A RootCA vulnerability in Trend Micro Password Manager for Windows and macOS means the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party. The key could then be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites.
References (4)
Core References
Vendor Advisory x_refsource_misc
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124092.aspx
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN37183636/index.html
Vendor Advisory x_refsource_misc
https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1124091.aspx
Third Party Advisory x_refsource_misc
https://jvn.jp/jp/JVN37183636/index.html
Scores
CVSS v3
5.5
EPSS
0.0013
EPSS Percentile
32.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (2)
trendmicro/password_manager
5.0 - 5.0.0.1076
trendmicro/password_manager
5.0 - 5.0.1047
Published
Jan 18, 2020
Tracked Since
Feb 18, 2026