Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Instant Messaging/IRC/Chat)  >   WFChat Vendors:   jID
WFChat Discloses Nicknames and Passwords to Remote Users
SecurityTracker Alert ID:  1006352
SecurityTracker URL:
CVE Reference:   CVE-2003-1540   (Links to External Site)
Updated:  Jul 7 2008
Original Entry Date:  Mar 20 2003
Impact:   Disclosure of authentication information, Disclosure of user information
Exploit Included:  Yes  
Version(s): 1.0 Beta
Description:   A vulnerability was reported in WFChat. A remote user can obtain usernames and passwords from the system.

It is reported that the software stores user nicknames and passwords in the following files:


A remote user can reportedly retrieve these files. Some demonstration exploit URLs are provided:


Impact:   A remote user can obtain user nick names and passwords.
Solution:   No vendor solution was available at the time of this entry. The vendor's web site indicates that the software is unstable and is not supported.

An unofficial fix is reportedly available from the author of the report at:

Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  WF-Chat

Product : WF-Chat
Version : 1.0 Beta
WebSite : 
Problem : Viewing users account.

For own a admin accsess in this chat u'r needing view files:

In short, all informations about registered users be at this files
And access for reading this files have anyone





U can finf all our fix on our homepage []

GipsHack : DHGroup : : p0is0n : de1irium

-------- @ #dwc


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC