Vulnerability Description
The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Volano Llc | Volanochatpro | 2.1 |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-11/0072.htmlVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2000-11/0085.htmlVendor Advisory
- http://www.securityfocus.com/bid/1906PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5465
- http://archives.neohapsis.com/archives/bugtraq/2000-11/0072.htmlVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2000-11/0085.htmlVendor Advisory
- http://www.securityfocus.com/bid/1906PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5465
FAQ
What is CVE-2000-1148?
CVE-2000-1148 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain pr...
How severe is CVE-2000-1148?
CVE-2000-1148 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-1148?
Check the references section above for vendor advisories and patch information. Affected products include: Volano Llc Volanochatpro.