RealChat account login
realchat-account-login (21497)
Description:
RealChat could allow a remote attacker to gain unauthorized access to user accounts. RealChat does not perform any user authentication, which allows a remote attacker to log in as a different user.
Platforms Affected:
- RealChat Software, RealChat 3.5.1b
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Bypass Security
References:
- BugTraq Mailing List, Sat Jul 23 2005 - 09:15:23 CDT, Realchat user impersonation - BSA 200506110001 at http://archives.neohapsis.com/archives/bugtraq/2005-07/0405.html.
- RealChat Web site, Chat Server Software - Java Chat for Web Sites - RealChat at http://www.realchat.com/.
- BID-14358: RealChat User Impersonation Vulnerability
- CVE-2005-2403: The login protocol in RealChat 3.5.1b does not use authentication, which allows remote attackers to log on as other users by sniffing the beginning of a chat session and replaying it via a modified username.
- SECTRACK ID: 1014562: RealChat Non-secure Login Protocol Lets Remote Users Impersonate Other Users
Reported:
Jul 23, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
