BugTraq
Back to list
|
Post reply
Getting stored passwords in plain text from CheetaChat
Feb 13 2003 06:02PM
b0f www.b0f.net (woot_woot_root yahoo co uk)
A bug exists in CheetaChat which lets an attacker with access to the
yaliases.dat
to get users yahoo passwords in plain text.
I. BACKGROUND
CheetaChat is a free and full-featured chatting client that works with
Yahoo! Chat, CheetaServ and Ichat sites. It lets users use solid
tones,fades, custom fonts and styles! Share your music and files with
friends . CheetaChat is a very popular chat client for Yahoo! Chat!. It
can be downloaded from www.cheetachat.com
II. DESCRIPTION
When users add there yahoo id to cheetachat it gets encrypted and stored
in a file called yaliases.dat which is stored in the folder CheetaChat
was installed to. An attacker who can get access to the yaliases.dat
file can easly retrive the users password's in plain text.
Example: If the attacker loads this file up with cheetachat they can then
get the users password by doing the following 1. log into cheetachat
using the id. 2. click on the settings menu then preferences then once
in there check the box that says Use internal Browser then click ok. 3.
Now click on the Chat menu and click Account/Password . After this the
internal browser will load up and send login and pass to the yahoo login
, If you look at the very end of the address box you will see the users
password in plain text like passwd= then the pass in plain text.
III. ANALYSIS
An attacker able to obtain the target users yaliases.dat file can easily
obtain there yahoo id and password. This could give the attacker access
to the targets full yahoo account including email , personal details
and if the user used the pay direct service on yahoo the attacker could
get credit card information. This is of special concern in shared
environments.
IV. DETECTION
This is vulnerable in all versions on cheetachat including the latest
version 6.5.10. I tested this on WindowsXP home with latest version of
cheetachat.
V. VENDOR
I once contacted the vendor about this problem several months ago and
never got a reply and the problem has never been fixed since.
Regards
b0f (Alan M)
www.b0f.net
b0f (at) b0f (dot) net [email concealed]
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
A bug exists in CheetaChat which lets an attacker with access to the
yaliases.dat
to get users yahoo passwords in plain text.
I. BACKGROUND
CheetaChat is a free and full-featured chatting client that works with
Yahoo! Chat, CheetaServ and Ichat sites. It lets users use solid
tones,fades, custom fonts and styles! Share your music and files with
friends . CheetaChat is a very popular chat client for Yahoo! Chat!. It
can be downloaded from www.cheetachat.com
II. DESCRIPTION
When users add there yahoo id to cheetachat it gets encrypted and stored
in a file called yaliases.dat which is stored in the folder CheetaChat
was installed to. An attacker who can get access to the yaliases.dat
file can easly retrive the users password's in plain text.
Example: If the attacker loads this file up with cheetachat they can then
get the users password by doing the following 1. log into cheetachat
using the id. 2. click on the settings menu then preferences then once
in there check the box that says Use internal Browser then click ok. 3.
Now click on the Chat menu and click Account/Password . After this the
internal browser will load up and send login and pass to the yahoo login
, If you look at the very end of the address box you will see the users
password in plain text like passwd= then the pass in plain text.
III. ANALYSIS
An attacker able to obtain the target users yaliases.dat file can easily
obtain there yahoo id and password. This could give the attacker access
to the targets full yahoo account including email , personal details
and if the user used the pay direct service on yahoo the attacker could
get credit card information. This is of special concern in shared
environments.
IV. DETECTION
This is vulnerable in all versions on cheetachat including the latest
version 6.5.10. I tested this on WindowsXP home with latest version of
cheetachat.
V. VENDOR
I once contacted the vendor about this problem several months ago and
never got a reply and the problem has never been fixed since.
Regards
b0f (Alan M)
www.b0f.net
b0f (at) b0f (dot) net [email concealed]
[ reply ]