Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: Google Talk Credentials Disclosure Security Issue
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
Vulnerabilities
See the original Secunia advisory:
Google Talk Credentials Disclosure Security Issue
| Secunia | Google Talk Credentials Disclosure Security Issue |
|---|---|
 |
4th Jun, 2012 14:05 |
|
Ranking: 0 Posts: 0 User Since: - System Score: - Location: Copenhagen, DK |
Andrea Micalizzi has discovered a security issue in Google Talk, which can be exploited by malicious people to disclose sensitive information. The security issue is caused due to the application insecurely processing the data supplied via the "gtalk://" URI and can be exploited to redirect authentication requests in the clear text to an attacker chosen server. Successful exploitation requires that a localised version is installed without uninstalling the non-localised version. The security issue is confirmed in version 1.0.5. Other versions may also be affected. |
| amsin21 | RE: Google Talk Credentials Disclosure Security Issue | ||||||||
|
4th Jun, 2012 14:05 | ||||||||
| Score: 0 Posts: 2 User Since: 3rd Dec 2009 System Score: 90% Location: IN Last edited on 4th Jun, 2012 14:05 |
Then why Google is not providing the update...http://www.google.com/talk/ | ||||||||
|
|||||||||
| amsin21 | RE: Google Talk Credentials Disclosure Security Issue | ||||||||
|
|
4th Jun, 2012 14:11 | ||||||||
| Score: 0 Posts: 2 User Since: 3rd Dec 2009 System Score: 90% Location: IN Last edited on 4th Jun, 2012 14:11 |
I downloaded Google Talk 1.0.0.105 from http://www.softpedia.com/progDownload/Google-Talk-... .... but error; "This version requires Windows 2000, XP or 2003; you have 6.1. Would you like to continue with the installation anyway?" |
||||||||
|
|||||||||
| Maurice Joyce | RE: Google Talk Credentials Disclosure Security Issue | ||||||||
|
4th Jun, 2012 23:16 | ||||||||
| Score: 10495 Posts: 8,057 User Since: 4th Jan 2009 System Score: 100% Location: UK |
U are really on the wrong thread to talk about Google. Secunia are notifying users of a vulnerability issue. Version 105 was released in 2007 before Windows 7 hence your message "This version requires Windows 2000, XP or 2003; you have 6.1. Would you like to continue with the installation anyway?" Just click continue & it will install as U will note here: http://secunia.com/community/forum/thread/show/127... I do not use Google products but it looks to me like their download links are out of date - I cannot find a change log for this programme nor am I sure it fully supports Windows 7 because there appears little has been updated since 2007. U should ask Google Support to comment. -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
| RE: Google Talk Credentials Disclosure Security Issue | [+] |
|
| This reply has been deleted | ||
| smbrannon | RE: Google Talk Credentials Disclosure Security Issue | ||||||||
|
|
15th Jun, 2012 23:47 | ||||||||
| Score: 4 Posts: 5 User Since: 27th Dec 2007 System Score: N/A Location: US Last edited on 15th Jun, 2012 23:47 |
The version that PSI offers to replace 104 with is 105, which by this advisory (SA48448) is vulnerable to the same issue as replacing 104 is supposed to remediate. Secunia needs to update their SPS package or provide a download link to a non-vulnerable version of Google Talk. | ||||||||
|
|||||||||
| ddmarshall | RE: Google Talk Credentials Disclosure Security Issue | ||||||||
|
16th Jun, 2012 00:30 | ||||||||
| Score: 1126 Posts: 910 User Since: 8th Nov 2008 System Score: 100% Location: UK |
If you read through this: http://secunia.com/community/forum/thread/show/127... you will find that the download from Secunia contains an upgrade file for 107. I recommend reading the original vulnerability report at http://retrogod.altervista.org/9sg_gtalk_uri.html It seems that US users on 104 are not actually affected. -- This answer is provided “as-is.” You bear the risk of using it. |
||||||||
|
|||||||||
