Yahoo! Messenger Communication Log Local Disclosure

2005-05-18T01:27:40
ID OSVDB:16815
Type osvdb
Reporter Torseq Tech.(bindshell@gmail.com)
Modified 2005-05-18T01:27:40

Description

Vulnerability Description

Yahoo! Messenger contains a flaw that may lead to an unauthorized information disclosure.  The problem is that the application stores communication logs in the 'ypager.log' file in plaintext, which will disclose sensitive information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Yahoo! Messenger contains a flaw that may lead to an unauthorized information disclosure.  The problem is that the application stores communication logs in the 'ypager.log' file in plaintext, which will disclose sensitive information resulting in a loss of confidentiality.

References:

Vendor URL: http://messenger.yahoo.com/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0213.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0221.html CVE-2005-1671