Information disclosure in Easy Chat Server - CVE-2017-9557

 


Published: June 12, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU38876
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-9557
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: EFS Software Inc.
Affected software:
Easy Chat Server

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to gain access to sensitive information.

register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
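For defenders reviewing past traffic, the request pattern described above can be searched for in HTTP access logs. The following is an added example, not part of the original advisory or the vendor's code. It assumes a proxy or sensor in front of the server writes combined-format log lines, that the parameters are literally named `username` and `password`, and that they arrive in the query string; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Jun/2017:10:01:02 +0000] "GET /register.ghp?username=alice&password= HTTP/1.1" 200 2211
198.51.100.7 - - [12/Jun/2017:10:01:05 +0000] "GET /REGISTER.GHP?UserName=bob&Password= HTTP/1.1" 200 2198
203.0.113.9 - - [12/Jun/2017:10:02:11 +0000] "GET /register.ghp?username=carol&password=s3cret HTTP/1.1" 200 1790
203.0.113.9 - - [12/Jun/2017:10:02:40 +0000] "GET /index.html?username=carol&password= HTTP/1.1" 200 901
198.51.100.7 - - [12/Jun/2017:10:03:00 +0000] "GET /register.ghp?username=&password= HTTP/1.1" 200 1500
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def probed_username(target):
    """Return the username if the request target matches the advisory's pattern, else None."""
    parts = urlsplit(target)
    # Assumption: the server treats the path case-insensitively, so match that way.
    if not parts.path.lower().endswith("/register.ghp"):
        return None
    # keep_blank_values=True is essential: by default parse_qs drops "password=".
    query = parse_qs(parts.query, keep_blank_values=True)
    params = {name.lower(): values for name, values in query.items()}
    usernames = [u for u in params.get("username", []) if u]
    passwords = params.get("password", [])
    if usernames and "" in passwords:
        return usernames[0]
    return None

def find_probes(log_text):
    """Return (client_ip, username, status) for every matching log line."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        user = probed_username(m.group("target"))
        if user is not None:
            hits.append((m.group("ip"), user, int(m.group("status"))))
    return hits

if __name__ == "__main__":
    for ip, user, status in find_probes(SAMPLE_LOG):
        print(f"possible CVE-2017-9557 request from {ip} for account {user!r} (HTTP {status})")
```

Access logs normally record only the query string, so the same parameters sent in a request body would not appear here and need a sensor that inspects bodies. Any account named in a hit against an affected version should have its password changed after the update is installed.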


How to mitigate CVE-2017-9557

Install the update from the vendor's website.
