Lucene search
K

yahoo.news.ticker.txt

🗓️ 17 Aug 1999 00:00:00Reported by CSBType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 29 Views

Yahoo News Ticker exposes plaintext user credentials during installation on Windows platforms.

Code
`FOR IMMEDIATE RELEASE:  
  
Application: Yahoo! NEWS TICKER  
Platforms : Win95,98,NT  
  
Advisory:  
  
The installation process of the Yahoo! NEWS TICKER   
leaves a file name "install.log" in the program   
directory. The file contains plaintext userid and   
password.  
  
The installation process also sets registry entries   
under hkey_local_machine/software/netcontrols/ticker   
that contain the plaintext userID and password.  
  
  
Each yahoo account uses the same password/userid for   
all parts including auctions, news, my.yahoo,   
classifieds, and most importantly, EMAIL!!!!  
  
this is an independant finding not a release by Yahoo!.  
  
Advisory by CSB 24MARCH99  
  
<end of transmission>  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation