(Vendor Issues Fix) Re: Yak! Chat Default Account Lets Remote Users Access the File System
|
|
SecurityTracker Alert ID: 1008188
|
SecurityTracker URL: http://securitytracker.com/id/1008188
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
|
Date: Nov 14 2003
|
Impact:
Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 2.0.1
|
Description:
A vulnerability was reported in the Yak! chat application. A remote user can access the file system.
It is reported that a remote user can access the application by connecting to TCP port 3535 and logging into the FTP service using a standard username ('Yak') and password ('asd123'). The remote user can thus gain access to the target user's file system.
|
Impact:
A remote user can gain access to the target user's file system.
|
Solution:
The vendor has released a fixed version (2.1.0).
|
Vendor URL: www.digicraft.com.au/yak/
|
Cause:
Authentication error
|
Underlying OS:
Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Fri, 14 Nov 2003 17:17:50 +1100
Subject: Yak! Chat Default Account Lets Remote Users Access the File System
|
In response to the "Yak! Chat Default Account Lets Remote Users Access
the File System" issue, the latest version of Yak! (2.1.0) fixes this
problem.
|
|