Trend Micro Direct Pass - Filter Bypass & Cross Site Scripting Vulnerability May 10 2016 09:19AM:SecurityFocus
トレンドマイクロのパスワードマネージャーって、DirectPassって名前なんだね。
Document Title:
===============
Trend Micro Direct Pass - Filter Bypass & Cross Site Scripting VulnerabilityReferences (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1716Trend Micro Security ID: 1-1-1039900197
Release Date:
=============
2016-05-01Vulnerability Laboratory ID (VL-ID):
====================================
1716Common Vulnerability Scoring System:
====================================
4.3Product & Service Introduction:
===============================
DirectPass runs as a local console and browser plug-in but can also sync between multiple PC installations through your Trend Micro account.
Unlike LastPass 1.72 (free, 5 stars), Dashlane (free, 4.5 stars), and RoboForm Everywhere 7 ($19.95 direct, 4.5 stars), it doesn`t let you
log in to your saved credentials online. However, it will sync with free DirectPass apps for Android and iPhone. You can also test a free
edition that manages just five passwords.DirectPass can export its data for import to another DirectPass installation. It can also import login data from LastPass. Hoping to get a
fast start, I imported my 200+ LastPass logins. The results were disappointing. For starters, DirectPass doesn`t include the ability to
categorize sites, so my passwords came through as an unordered list, a very long list. There`s no way to sort the list, and no provision to
search for a particular login. For some reason, clicking in the list`s scroll bar doesn`t scroll down by one `page` of items. Instead, it
scrolls to the corresponding location in the list. Finding any particular login required tediously scrolling through the entire list.(Copy of the Vendor Homepage: https://www.directpass.com/signin )
http://www.securityfocus.com/archive/1/538348