Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

yahoo.news.ticker.txt

๐Ÿ—“๏ธย 17 Aug 1999ย 00:00:00Reported byย CSBTypeย 
packetstorm
ย packetstorm๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 21ย Views

Yahoo News Ticker exposes plaintext user credentials during installation on Windows platforms.

Show more
Code
`FOR IMMEDIATE RELEASE:  
  
Application: Yahoo! NEWS TICKER  
Platforms : Win95,98,NT  
  
Advisory:  
  
The installation process of the Yahoo! NEWS TICKER   
leaves a file name "install.log" in the program   
directory. The file contains plaintext userid and   
password.  
  
The installation process also sets registry entries   
under hkey_local_machine/software/netcontrols/ticker   
that contain the plaintext userID and password.  
  
  
Each yahoo account uses the same password/userid for   
all parts including auctions, news, my.yahoo,   
classifieds, and most importantly, EMAIL!!!!  
  
this is an independant finding not a release by Yahoo!.  
  
Advisory by CSB 24MARCH99  
  
<end of transmission>  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
plaintext user credentialsinstallation processregistry entriesyahoo accountssecurity advisory
21
.json
Report