VolanoChatPro Local Password Disclosure Vulnerability

A vulnerability exists in VolanoChatPro 2.1, a Java-based internet chat server which runs on Windows and Unix-like platforms.

The configuration file "properties.txt", which is set world-readable following installation, contains entries for the server and admin passwords. These values are not encrypted or otherwise obfuscated. As a result, anyone with access to the VolanoChatPro directory will be able to easily obtain these passwords and compromise administrative access for the chat server.


Privacy Statement
Copyright 2010, SecurityFocus