CVE-2008-5784 - Authentication Issues vulnerability in V3Chat V3 Chat Profiles Dating Script 3.0.2

Publication

2008-12-31

Last modification

2017-09-29

Summary

V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.

Description

Multiple products from V3 Chat are prone to an authentication-bypass vulnerability because they fail to adequately verify user-supplied input used for cookie-based authentication. Attackers can exploit this vulnerability to gain administrative access to the affected applications, which may aid in further attacks.

This issue affects the following products:

  • Profiles/Dating Script 3.0.2
  • Live Support 3.0.4

Solution

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.
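
With no vendor patch known, the remedy lies in how an application decides who is an administrator. The following is an added example, not code from V3 Chat or from this advisory: a Python model of the flaw class described above (a role flag read from a client-set cookie) beside a check that takes the role from server-side session state. The function names, the session store and the key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed for illustration: per-deployment secret and in-memory session store.
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {}  # session id -> {"user": str, "is_admin": bool}


def is_admin_vulnerable(cookies):
    """Flaw class from the advisory: the role is whatever the client says."""
    return cookies.get("admin") == "1"


def _sign(session_id):
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def login(user, is_admin):
    """Call only after credentials are verified; returns the cookies to set."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": user, "is_admin": is_admin}
    return {"sid": session_id + "." + _sign(session_id)}


def is_admin_hardened(cookies):
    """Role comes from server state keyed by an unguessable, signed id."""
    sid, _, mac = cookies.get("sid", "").partition(".")
    # Compare as bytes so a non-ASCII cookie value cannot raise TypeError.
    if not sid or not hmac.compare_digest(mac.encode(), _sign(sid).encode()):
        return False
    session = SESSIONS.get(sid)
    return bool(session and session["is_admin"])


def demo():
    forged = {"admin": "1"}  # the cookie value named in the advisory
    user = login("bob", is_admin=False)
    return (
        is_admin_vulnerable(forged),                   # flag is trusted
        is_admin_hardened(forged),                     # no session: rejected
        is_admin_hardened({**user, "admin": "1"}),     # extra flag is ignored
        is_admin_hardened(login("alice", is_admin=True)),
    )


if __name__ == "__main__":
    print(demo())
```

In the hardened check the `admin` cookie is never read, so setting it has no effect on the authorization decision.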

Exploit

Attackers can exploit this issue via a browser. The following example code is available:

javascript:document.cookie = "admin=1; path=/";

Classification

CWE-287 - Authentication Issues

Risk level (CVSS AV:N/AC:L/Au:N/C:P/I:P/A:P)

High

7.5

Access Vector

  • Network

Access Complexity

  • Low

Authentication

  • None

Confidentiality Impact

  • Partial

Integrity Impact

  • Partial

Affected Products

Vendor: V3Chat
Product: V3 Chat Profiles Dating Script
Versions: 3.0.2