SecurityTracker.com
Category:   Application (Instant Messaging/IRC/Chat)  >   WFChat
Vendors:   jID
WFChat Discloses Nicknames and Passwords to Remote Users
SecurityTracker Alert ID:  1006352
SecurityTracker URL:  http://securitytracker.com/id/1006352
CVE Reference:   CVE-2003-1540
Updated:  Jul 7 2008
Original Entry Date:  Mar 20 2003
Impact:   Disclosure of authentication information, Disclosure of user information
Exploit Included:  Yes  
Version(s): 1.0 Beta
Description:   A vulnerability was reported in WFChat. A remote user can obtain usernames and passwords from the system.

It is reported that the software stores user nicknames and passwords in the following files:

!nicks.txt
!pwds.txt

A remote user can reportedly retrieve these files. Some demonstration exploit URLs are provided:

http://[target]/chat/!nicks.txt
http://[target]/chat/!pwds.txt

Impact:   A remote user can obtain user nicknames and passwords.
Solution:   No vendor solution was available at the time of this entry. The vendor's web site indicates that the software is unstable and is not supported.

An unofficial fix is reportedly available from the author of the report at:

http://www.dwcgr0up.com/

Vendor URL:  jid.2yd.ru/en/wfchat.php
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
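
A log check for the retrieval described above, as an added example that is not part of the original advisory or the reporter's message. It assumes the web server writes a Common/Combined Log Format access log; the function names and the sample log lines are constructed for illustration, and only the two file names come from the advisory.

```python
import re
from urllib.parse import unquote, urlsplit

# File names taken from the advisory; everything else here is an assumption.
SENSITIVE = {"!nicks.txt", "!pwds.txt"}

# Common/Combined Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def requested_file(target):
    """Return the decoded, lower-cased last path segment of a request target."""
    path = urlsplit(target).path          # drops ?query and #fragment
    for _ in range(2):                    # undo single and double percent-encoding
        path = unquote(path)
    # Lower-case because the advisory lists Windows (case-insensitive paths).
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def find_disclosures(lines):
    """Return (host, time, file, status, exposed) for requests to the credential files."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not an access-log line we understand
        name = requested_file(m["target"])
        if name in SENSITIVE:
            status = int(m["status"])
            # 2xx with a body, or 304, means the file content was served to the client.
            exposed = (200 <= status < 300 and m["size"] not in ("0", "-")) or status == 304
            hits.append((m["host"], m["time"], name, status, exposed))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Mar/2003:10:01:02 +0000] "GET /chat/index.php HTTP/1.0" 200 5120',
    '198.51.100.7 - - [20/Mar/2003:10:02:11 +0000] "GET /chat/!pwds.txt HTTP/1.0" 200 348',
    '198.51.100.7 - - [20/Mar/2003:10:02:12 +0000] "GET /chat/%21nicks.txt?x=1 HTTP/1.0" 200 212',
    '203.0.113.5 - - [20/Mar/2003:10:05:40 +0000] "GET /chat/!PWDS.TXT HTTP/1.0" 403 199',
    '203.0.113.5 - - [20/Mar/2003:10:05:41 +0000] "GET /chat/%2521pwds.txt HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for host, when, name, status, exposed in find_disclosures(SAMPLE_LOG):
        print(f"{when} {host} {name} status={status} {'EXPOSED' if exposed else 'blocked'}")
```

Any hit marked EXPOSED means the stored passwords should be treated as disclosed and reset; hits with 403 or 404 show that the files were requested but not served.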

Message History:   None.


 Source Message Contents

Subject:  WF-Chat




Product : WF-Chat
Version : 1.0 Beta
WebSite : http://jid.2yd.ru 
Problem : Viewing users account.


Description:
------------
To get admin access in this chat you need to view the files:
!nicks.txt
!pwds.txt

In short, all information about registered users is in these files,
and anyone has access to read these files.

Exploits:
---------

http://[somehost]/chat/!nicks.txt
http://[somehost]/chat/!pwds.txt


Link:
-----
www.dwcgr0up.com

Fixes:
------

You can find all our fixes on our homepage [www.dwcgroup.com]

Thanks:
-------
GipsHack : DHGroup : EXploit.ru : p0is0n : de1irium

Contact:
--------
r2subj3ct@dwclan.org
irc.dwcgr0up.biz @ #dwc

 
 



Copyright 2021, SecurityGlobal.net LLC