CamFrog Password Disclosure Vulnerability

Vulnerability ID 1052194 Vulnerability type
Published 2009-02-09 Updated 2009-02-09
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2009020018
|Vulnerability details
Vulnerability details have not yet been disclosed
|Vulnerability exploit (EXP)
Advisory:

CamFrog Video Chat Password Disclosure Vulnerability.

Versions Affected:

CamFrog Video Chat Version 5.0 (free one)
Camfrog Pro 5.2 (paid one, $49.95)

Release Date:

7 February 2009

Description:

CamFrog Video Chat 5.0 and Camfrog Pro 5.2 suffer from a local password disclosure vulnerability due to the lack of proper encryption of credentials at the process level. In fact, the credentials can be extracted in clear text by dumping the process memory of the live camfrog process when a connection is established.

Note: This vulnerability can be exploited through social engineering tricks, such as fooling the user into executing malicious code which would dump the memory of the process.

Proof of Concept:

http://nullarea.net/sploits/c/camfrog/poc.pdf

Credits:

Zigma [zigmatn{a.t}gmail.com]
http://NullArea.NET

Time Line Notification:

28-01-209 -- Contacted via email, though no response till now