CVE-2004-1802

Name of the Vulnerable Software and Affected Versions Chat Anywhere versions 2.72 and earlier

Description The issue allows remote attackers to hide their IP address by using %00 before the nickname. This causes the IP address to be displayed as $IP$ on the administration web page.

Recommendations For versions 2.72 and earlier, consider validating and sanitizing user input, especially the nickname field, to prevent the use of %00 and similar characters that can lead to IP address hiding. As a temporary workaround, monitor the administration web page for $IP$ displays and investigate corresponding connections to identify potential attackers.