Vulnerabilities > CVE-2000-1148 - Unspecified vulnerability in Volano LLC Volanochatpro 2.1

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

volano-llc

NVD

Published: 2001-01-09

Updated: 2017-10-10

Summary

The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server.

Vulnerable Configurations

Part	Description	Count
Application	Volano_Llc Volano LLC Volanochatpro 2.1	1

References

http://archives.neohapsis.com/archives/bugtraq/2000-11/0072.html
http://archives.neohapsis.com/archives/bugtraq/2000-11/0085.html
http://www.securityfocus.com/bid/1906
https://exchange.xforce.ibmcloud.com/vulnerabilities/5465