Session Hijacking Vulnerability in Drupal's Chatroom Module
CVE-2006-6528

Currently unrated

Key Information:

Vendor: Drupal
Status: Chatroom Module
Vendor: CVE Published:; 14 December 2006

What is CVE-2006-6528?

The Chatroom Module for Drupal, prior to version 4.7.x-1.0, is compromised by a vulnerability that reveals session IDs of all visitors to participants in chatrooms. This flaw allows malicious actors to initiate session hijacking attacks, enabling them to impersonate legitimate users and gain unauthorized access to their accounts, compromising user data and security.

References

http://www.vupen.com/english/advisories/2006/4942

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/23343

third-party-advisoryx_refsource_SECUNIA

http://drupal.org/node/102614

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2006
Vulnerability Reserved
Dec 13, 2006