Parachat DoS Vulnerability Synopsis
Written by Matt Smith
Contributions by Amy Marie
Presented by Litchfield County Computer
Parachat chatroom servers (http://www.parachat.com) have a session-handling vulnerability: if a user leaves the web page hosting a room with the browser's Back or Forward button instead of the room's logoff button, the chat client does not disconnect that user from the chat server. The abandoned session becomes a “phantom user” that remains present in the room for 15 minutes, and the chat server counts it as a real, connected user.
These “phantom users” accumulate in a chatroom, and once their number reaches the room's capacity no legitimate user can join: a Denial of Service (DoS) condition. With several computers taking part, a chatroom can be flooded to capacity in a matter of minutes. It is also conceivable that a program could automate the steps below, letting a single computer exhaust one chatroom on its own. Run from many machines as a Distributed Denial of Service (DDoS) attack, such a program could take down an entire chat server, rendering every chatroom hosted on it unusable.
To exploit this vulnerability the following steps are required:
1. Log in to any Parachat chatroom under any username.
2. Leave the Chatroom page using the methods described above.
3. Return to the Chatroom page.
4. Log back in to the Chatroom under a different username.
5. Repeat steps 2 through 4 until the room reaches capacity.
Note: These steps have only been tested with Internet Explorer versions 5.0-6.0.
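The following model is added here to illustrate the condition described above and what a server-side fix looks like; it is not Parachat's code and does not reproduce Parachat's protocol, which this advisory does not describe. It assumes a room with a fixed capacity (25 here, an assumed figure), a server that frees a slot only on an explicit logoff or after the 15-minute lifetime reported above, and, for the hardened variant, an assumed 30-second keepalive timeout and a cap of three concurrent sessions per source address. The flood() routine replays the steps above from one machine: join under a fresh nickname, navigate away so that no logoff and no further traffic reaches the server, and rejoin under another nickname.

```python
"""Model of the room-capacity accounting behind the phantom-user problem.

Added example for this advisory, not Parachat code: Parachat's actual
protocol, capacities and timeouts are not known here and are assumed.
"""

ROOM_CAPACITY = 25            # assumed capacity, not a Parachat figure
PHANTOM_LIFETIME = 15 * 60    # seconds a stale session lingers (from the advisory)


class Room:
    def __init__(self, capacity, idle_timeout, per_ip_limit=None):
        self.capacity = capacity
        self.idle_timeout = idle_timeout     # seconds of silence before a session is reaped
        self.per_ip_limit = per_ip_limit     # None: no cap on sessions per source address
        self.sessions = {}                   # nick -> (source_ip, last_seen)

    def reap(self, now):
        """Drop sessions whose client has been silent longer than idle_timeout."""
        stale = [n for n, (_, seen) in self.sessions.items()
                 if now - seen > self.idle_timeout]
        for n in stale:
            del self.sessions[n]
        return len(stale)

    def join(self, nick, source_ip, now):
        """Admit nick into the room; returns False when the room refuses."""
        self.reap(now)
        if nick in self.sessions:
            return False
        if self.per_ip_limit is not None:
            same_ip = sum(1 for ip, _ in self.sessions.values() if ip == source_ip)
            if same_ip >= self.per_ip_limit:
                return False
        if len(self.sessions) >= self.capacity:
            return False                     # room full: the DoS condition
        self.sessions[nick] = (source_ip, now)
        return True

    def keepalive(self, nick, now):
        """Any traffic from a live client refreshes its last_seen time."""
        if nick in self.sessions:
            self.sessions[nick] = (self.sessions[nick][0], now)

    def logoff(self, nick):
        """The logoff button: the only path that frees a slot immediately."""
        self.sessions.pop(nick, None)


def vulnerable_room():
    # Slot freed only by logoff or after the long 15-minute timeout.
    return Room(ROOM_CAPACITY, idle_timeout=PHANTOM_LIFETIME)


def hardened_room():
    # Short keepalive timeout plus a per-address cap (assumed values).
    return Room(ROOM_CAPACITY, idle_timeout=30, per_ip_limit=3)


def flood(room, attacker_ip, attempts, step=5.0):
    """Replay the advisory's steps from one machine every `step` seconds.
    Returns the number of phantom sessions the room admitted."""
    admitted = 0
    for i in range(attempts):
        if room.join(f"phantom{i}", attacker_ip, now=i * step):
            admitted += 1
        # Navigating away sends nothing: no logoff() and no keepalive().
    return admitted


def demo():
    """Flood both rooms for 150 s, then see whether a real user can still join."""
    results = {}
    for name, room in (("vulnerable", vulnerable_room()), ("hardened", hardened_room())):
        phantoms = flood(room, "198.51.100.7", attempts=30)   # constructed attacker address
        legit = room.join("alice", "192.0.2.10", now=151.0)   # constructed real user
        results[name] = (phantoms, legit)
    return results


if __name__ == "__main__":
    for name, (phantoms, legit) in demo().items():
        print(f"{name}: {phantoms} phantom sessions admitted, real user admitted: {legit}")
```

In the vulnerable room the 30 attempts fill all 25 slots in about two minutes, far inside the 15-minute lifetime, and the real user is refused. In the hardened room the per-address cap holds the attacker to three live sessions at a time and the short idle timeout reaps each phantom within 30 seconds, so the real user still gets in; the point is that a slot must be freed by the server observing the client's silence, not by trusting the client to send a logoff.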
Update: The vulnerability has been patched as of July 31, 2002.