The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Ignite Spark

vulnerability alert 21221

Spark: vulnerability via Smack

Synthesis of the vulnerability

A vulnerability in Spark, via Smack, was announced.
Impacted products: Spark.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: intranet client.
Creation date: 28/11/2016.
Identifiers: VIGILANCE-VUL-21221.

Description of the vulnerability

A vulnerability in Spark, via Smack, was announced.

computer vulnerability note 16729

Spark: memory leak

Synthesis of the vulnerability

An attacker can trigger a memory leak in Spark, in order to cause a denial of service.
Impacted products: Spark.
Severity: 2/4.
Consequences: denial of service on client.
Provenance: internet server.
Creation date: 27/04/2015.
Identifiers: VIGILANCE-VUL-16729.

Description of the vulnerability

The Spark product implements an instant messaging client.

However, the memory allocated to process some operations is never freed.

An attacker can therefore trigger a memory leak in Spark, in order to cause a denial of service.

computer vulnerability announcement 11807

Spark: decrypting the password

Synthesis of the vulnerability

A local attacker who is allowed to read a user's "spark.properties" file can retrieve that user's password saved in Spark.
Impacted products: Spark.
Severity: 1/4.
Consequences: user access/rights.
Provenance: user shell.
Creation date: 31/07/2012.
Identifiers: VIGILANCE-VUL-11807.

Description of the vulnerability

The Spark instant messaging software allows users to save their password.

This password is encrypted with Triple DES, then it is stored in the "spark.properties" file. However, the encryption key is constant for all users.

A local attacker who is allowed to read a user's "spark.properties" file can therefore retrieve that user's password saved in Spark. Note that this file is usually stored in the user's profile, so only administrators can read it.