VULHUB ™

A vulnerability exists in VolanoChatPro 2.1, a Java-based internet chat server which runs on Windows and Unix-like platforms. The configuration file "properties.txt", which is set world-readable following installation, contains entries for the server and admin passwords. These values are not encrypted or otherwise obfuscated. As a result, anyone with access to the VolanoChatPro directory will be able to easily obtain these passwords and compromise administrative access for the chat server.

A vulnerability exists in VolanoChatPro 2.1, a Java-based internet chat server which runs on Windows and Unix-like platforms. The configuration file "properties.txt", which is set world-readable following installation, contains entries for the server and admin passwords. These values are not encrypted or otherwise obfuscated. As a result, anyone with access to the VolanoChatPro directory will be able to easily obtain these passwords and compromise administrative access for the chat server.