SECUNIA ADVISORY ID: SA23343
VERIFY ADVISORY: http://secunia.com/advisories/23343/
CRITICAL: Moderately critical
IMPACT: Hijacking, Exposure of sensitive information
SOFTWARE: Drupal Chatroom Module 4.x - http://secunia.com/product/12872/
DESCRIPTION: A vulnerability has been reported in the Chatroom Module for Drupal, which can be exploited by malicious people to hijack user sessions. The vulnerability is caused due to the application broadcasting session IDs of chatroom visitors to all participants in a chatroom. This can be exploited to hijack other users' sessions and gain access to the site with their privileges. A security issue where private messages were displayed in the "last messages" overview of a chatroom has also been fixed. The vulnerability is reported in all prerelease versions.
SOLUTION: Update to the latest version 4.7.x-1.0.
PROVIDED AND/OR DISCOVERED BY: Eirik Hodne
ORIGINAL ADVISORY: http://drupal.org/node/102614
Drupal Chatroom Module Session ID Information DisclosurePosted on Monday, December 11, 2006 @ 08:25:04 CST in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
