PT-2005-3317 · Realchat · Realchat
Published 2005-07-27 · Updated 2017-07-11
CVE-2005-2403
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
RealChat version 3.5.1b
Description
The issue concerns the login protocol, which lacks authentication. This allows remote attackers to log on as other users by sniffing the beginning of a chat session and replaying it via a modified username.
Recommendations
For RealChat version 3.5.1b, consider implementing authentication in the login protocol to prevent unauthorized access. As a temporary workaround, restrict access to sensitive features that rely on the login protocol until a proper fix is applied.
Affected Products
Realchat