
CamFrog Password Disclosure Vulnerability






Advisory:

CamFrog Video Chat Password Disclosure Vulnerability.

Versions Affected:

CamFrog Video Chat Version 5.0 (free edition)
Camfrog Pro 5.2 (paid edition, $49.95)

Release Date:

7 February 2009

Description:

CamFrog Video Chat 5.0 and Camfrog Pro 5.2 suffer from a local password disclosure vulnerability due to the lack of proper encryption of credentials at the process level. The credentials can be extracted in clear text by dumping the process memory of the live Camfrog process while a connection is established.

Note: This vulnerability can be exploited through social engineering, such as tricking the user into executing malicious code which would dump the memory of the process.
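The weakness class described above, shown as an added example that is not part of the original advisory and is not Camfrog code: a session that keeps the password resident while connected, next to one that keeps only a token and wipes the password buffer. The struct layouts, function names, sample credentials and the FNV-1a "token" are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PW_MAX 64
/* Hypothetical session layouts, not taken from Camfrog. */
struct weak_session     { char user[32]; char password[PW_MAX]; };
struct hardened_session { char user[32]; uint64_t token; };

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}
/* Stand-in for the login exchange: FNV-1a is NOT a password hash, it only models an opaque token. */
uint64_t fake_server_token(const char *pw) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (; *pw; pw++) { h ^= (unsigned char)*pw; h *= 0x100000001b3ULL; }
    return h;
}
/* Pattern the advisory describes: the password stays in the live process. */
void login_weak(struct weak_session *s, const char *user, const char *pw) {
    memset(s, 0, sizeof *s);
    snprintf(s->user, sizeof s->user, "%s", user);
    snprintf(s->password, sizeof s->password, "%s", pw);
}
/* Hardened: use the password once, keep only the token, wipe the input buffer. */
void login_hardened(struct hardened_session *s, const char *user, char *pw_buf, size_t pw_cap) {
    memset(s, 0, sizeof *s);
    snprintf(s->user, sizeof s->user, "%s", user);
    s->token = fake_server_token(pw_buf);
    secure_wipe(pw_buf, pw_cap);
}
/* Audit helper: does this memory region still hold the secret bytes? */
int region_holds_secret(const void *mem, size_t len, const char *secret) {
    size_t n = strlen(secret);
    const unsigned char *m = mem;
    for (size_t i = 0; n && i + n <= len; i++)
        if (memcmp(m + i, secret, n) == 0) return 1;
    return 0;
}

int main(void) {
    char pw[PW_MAX] = "constructed-Passw0rd!";  /* constructed sample input */
    struct weak_session w; struct hardened_session h;
    login_weak(&w, "alice", pw);
    login_hardened(&h, "alice", pw, sizeof pw);
    printf("weak=%d hardened=%d input=%d\n", region_holds_secret(&w, sizeof w, "Passw0rd"),
           region_holds_secret(&h, sizeof h, "Passw0rd"), region_holds_secret(pw, sizeof pw, "Passw0rd"));
    return 0;
}
```

Wiping narrows the window in which the secret is resident; it does not protect against code already running as the same user at the moment of login.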

Proof of Concept:

http://nullarea.net/sploits/c/camfrog/poc.pdf 

Credits:

Zigma [zigmatn{a.t}gmail.com]
http://NullArea.NET 

Time Line Notification:

28-01-2009 -- Contacted via email; no response to date.
