|
New vulnerability in DMconnect and its fix.
April 24th 2025
(language: English // Russian)
Most recently, a vulnerability was discovered in DMconnect that allows access to one user's account by sending a special packet that masquerades as a packet to send a private message, which allows you to get the user's exact password and session ID, as well as other potentially dangerous and personal data.
It is officially stated that this package was originally intended for the DMconnect administrator to check the performance of the new private messaging system.
The vulnerability has been present in DMconnect since protocol version v3 #0, which was released on December 2, 2024.
Fortunately, the person who discovered the vulnerability decided not to use it for bad purposes, and he told the service administration about it, followed by a complete correction of the problem.
<< Back to news.
|
Social
