BID:39209

Miranda IM Information Disclosure Vulnerability

Info

Miranda IM Information Disclosure Vulnerability

Bugtraq ID:	39209
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 06 2010 12:00AM
Updated:	Apr 06 2010 04:22PM
Credit:	Jan Schejbal
Vulnerable:	Miranda Miranda IM 0.8.16 Miranda Miranda IM 0.7.1 Miranda Miranda IM 0.7

Not Vulnerable:

Discussion

Miranda IM Information Disclosure Vulnerability

Miranda IM is prone to an information-disclosure vulnerability.

Successful exploits of this issue may allow attackers to perform man-in-the-middle attacks against vulnerable applications and to disclose sensitive information.

Exploit / POC

Miranda IM Information Disclosure Vulnerability

The following exploit is available:

/data/vulnerabilities/exploits/39209.pl

Solution / Fix

Miranda IM Information Disclosure Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].

References

Miranda IM Information Disclosure Vulnerability

References:

Miranda IM Homepage (Miranda)
Miranda TLS MitM with XMPP/Jabber protocol (Jan Schejbal )