Roschat

2025: In the Russian messenger "Roschat" - a critical vulnerability. FSTEC recommends an urgent update

In mid-March, FSTEC sent out a warning about the discovery of a critical vulnerability BDU:2025-02780^[1] in the Russian corporate messenger Roschat developed by ITSoft. Its danger is estimated as 10 out of 10 according to CVSS, and there is an exploit for the vulnerability. The manufacturer has released an update for the product, which FSTEC experts recommend installing as quickly as possible.

The error was discovered on December 24 by a company specialist CyberOK"" under the working pseudonym xh4vm. It allows an attacker by sending a specially crafted GET request to gain unauthorized access to read, change or delete data in employee correspondence. The vulnerability is associated with insufficient protection of service data. All versions of the product from 5.1.1827 to 5.3.2091 can be used to interfere with corporate correspondence, so it is recommended to update them to older ones, where the error has already been fixed.

According to the SKIPA monitoring system, the vast majority of software copies found on the Runet are susceptible to this vulnerability, the information message of the SayberOK company said. - In this regard, experts strongly recommend urgently updating the software to avoid the risks of data compromise.

Although the vulnerability was discovered last December, it only became known now that the developer has released updates to fix the problem.

The vulnerability allows attackers to gain unauthorized access to messenger data, "warned TAdviser readers Dmitry Kokorin, director of information security at Innostage. - Possible consequences - disclosure, leakage of sensitive information and its destruction. The danger is obvious, and a critical score of 10 points confirms this, especially given that an exploit for this vulnerability already exists.

Moreover, Roschat is listed in the register of domestic products under No. 6176, which allows it to be used in state-owned companies and departments.

𝓲

Фото: "ITSoft"

Roschat is used mainly in state-owned companies and the public sector, - Stanislav Polyansky, owner of the DION product, shared his data with TAdviser. - The discovered vulnerability was assigned the highest degree of danger in the FSTEC threat data bank - 10 out of 10. Judging by the CVSS vector, the vulnerability can be exploited remotely by any entity accessing the service without any privileges. At the same time, to carry out an attack, the offender does not need interaction with service users - through it, it is possible to influence both the service itself and other system components. The impact from the corresponding attack is maximized, because the intruder can gain unauthorized access to read, change or delete data.

Therefore, Roschat users need to install updates as quickly as possible, not only on the corporate infrastructure, but also on user devices.

To protect yourself, first of all, it is necessary to update to the latest corrected version (at least 5.3.2091), "Mikhail Spitsyn, an analyst engineer at the company's analytical center, recommended to TAdviser readers. Gazinformservice- Next, we need to implement an integrated approach to security: monitoring, which can be organized through corporate monitoring centers, network segmentation, strict access configuration, disable or protect interfaces and protocols that are not used, organize encryption and auditing of source code. The use of all these measures will help reduce the risk not only for Roschat, but also for any other corporate application that exchanges confidential data.

2024: Enterprise Messenger Expanded

On September 2, 2024, Informtechnika presented an expansion of the line of domestic solutions to ensure technological independence and modernization of communication systems of Russian enterprises.

Roschat, a comprehensive UC platform. The capabilities of the enterprise, messenger which is now a full-fledged UC platform, have been expanded. ROSCHAT not only provides exchange of messages and calls, but it is integrated also with corporate systems from to Active Directory. ERP This allows you to optimize from business processes onboarding new employees to conducting corporate polls and votes. Special attention is paid to security: ROSCHAT is installed at servers enterprises, ensures enciphering data and supports work on trusted Russian ones. OS The platform integrates with security systems,, SBC and DLP SIEM NTA, which makes it possible to create a secure environment for corporate communications. More. here

2023

Support for work on the Aurora OS

Since November 2023, the corporate messenger ROSCHAT has been operating on Aurora OS. This was announced by the Open Mobile Platform (OMP) on December 15, 2023.

Now the ROSCHAT client works with Aurora, Android, Linux operating systems and supports control from the domestic MDM system Aurora Center.

In November 2023, the developer of the corporate messenger ROSCHAT updated its solution, combining all types of business communications, to version 4.5. Now all users have video conferencing (VKS) functionality right out of the box. The capabilities of the module built into the VKS messenger are enough for video conferencing as part of commands. If the company is faced with the task of large-scale video broadcasting with an audience of several hundred people or more, then this is feasible by purchasing additional video licenses.

In the near future, the Informtechnika Group of Companies will significantly expand the functionality of the messenger by releasing the ROSCHAT 5.0 version., Taking it and the business communications it serves to a new level. The essence of the change will be that all companies or branches with ROSCHAT deployed will be able to unite into a single network and ensure safe communication between users of different locations. This form of information and data exchange is called "federation." Compatibility with Aurora OS will be built into the solution architecture.

The ROSCHAT application includes corporate telephone communications, text messages, direct audio and video calls, as well as VKS. Integration with various access control systems (ACS), with corporate telephony, AD or other LDAP directories, as well as with MS Exchange and DLP systems is possible.

{{quote 'The corporate messenger ROSCHAT, developed by Informtechnika Group for Aurora OS, complements our current application catalog well in terms of solutions designed for corporate communications. Thanks to its multifunctionality, integration capabilities with various systems to enciphering data , ROSCHAT as a single communication platform provides customers with a single secure solution for interaction between employees and information exchange. In light of the fact that customers are increasingly focused on complex solutions, we are confident that the Informtechnika Group of Companies product will meet the needs of both our current and future customers in the field of corporate communications, "said Tatyana Kovaleva, Development Manager of the Open Mobile Platform Partner Network. }}

We are very glad that Informtechnika Group of Companies has become part of the Aurora OS ecosystem, and I am sure that many years of experience and a high level of our development will allow us to jointly develop this product using all the opportunities offered by the Aurora platform together with other market leaders, - confirmed Artem Cheprak, General Director of Informtechnika and Svyaz JSC.

Integration of VideoMost 9.0 into Roschat 4.3

The Russian The companies Informtechnika and Communication"" VideoMost and July 20, 2023 presented an updated version messenger of Roschat 4.3, which includes server for 9.0 videoconferences VideoMost. Unified communications without additional settings. Read more here.

Inclusion of Russian products for digital workplace in the map

In June 2023, the product was included in the TAdviser card "Employee Digital Workplace 2023."

Integration with InfoWatch Traffic Monitor

On April 6, 2023, the GC InfoWatch announced the completion of integration DLP a system to prevent leaks confidential data InfoWatch Traffic Monitor Russian with corporate messenger Roschat, developed by the GC "." Informtechnika More. here

2021

Integration with VideoMost BIT

The group of companies INFORMTECHNIKA"" and the company VideoMost on October 29, 2021 announced the completion integration ON VideoMost Video Conferencing messenger of Roschat. More. here

Adding to the project catalog "Map of innovative solutions"

Following the monitoring of Russian innovative solutions conducted by the Moscow Innovation Agency with the support of the Moscow Government, the ROSCHAT software and hardware complex manufactured by Informtechnika was added to the catalog of the Innovative Solutions Map project. The developer announced this on March 30, 2021.

The project is aimed at developing products and services, improving the quality and comfort of the urban environment in Moscow. Participation in the project gives developers the opportunity to get into the selection of innovative solutions that the Agency forms under the requests of state and commercial customers. In turn, participation in the project will allow customers to quickly find the product of interest and purchase it in the state trading system as innovative.

According to Informtechnika specialists, the inclusion of ROSCHAT in the project will significantly increase interest in the product from the target market segment and expand the range of potential customers.

Product features

(data current for April 2021)

• Unified communication platform for employees.
• Corporate Contact Guide.
• Voice communications.
• Messaging and group chats.
• Integration with information and communication systems.
• Channel and data security.
• Compliance

• Domestic proven developer excludes NDV
• Servers inside the enterprise LAN
• Secure channels for all types of communication
• Encryption of transmitted content
• Business Directory is not available as a document
• Mobile Phone Numbers Not Used
• Message and call history allows for investigation of incidents
• Possibility of using certified CIPFs

• Integration with RBS products.
• Connecting the bank's customer to the communication system.
• Communications with the client over a secure channel.
• Special opportunities for top management.
• Certification of the solution for compliance requirements.

• Single platform for communications.
• It does not require modernization of communication systems.
• Ready-made contact directory.
• Tools for individual and collective work.
• Integration with various information and communication systems.
• Centralization capability.
• Security of communication channels and transmitted data.
• The possibility of branding and customization to the customer's requirements.