Yahoo! Messenger Shared File Access User Status Enumeration
Medium Nessus Network Monitor Plugin ID 1260
SynopsisThe remote host may give an attacker information useful for future attacks
DescriptionThe remote host is running a version of Yahoo Instant Messenger that reveals whether a user is on-line or not regardless of whether the user is marked as being "invisible". This information can be determined by trying to access the user's shared files: a different error message is reported if the user is on-line than if the user is off-line.
SolutionUpgrade to the latest version of Yahoo! Messenger.