Yahoo! Messenger Shared File Access User Status Enumeration

Medium Nessus Network Monitor Plugin ID 1260


The remote host may give an attacker information useful for future attacks


The remote host is running a version of Yahoo Instant Messenger that reveals whether a user is on-line or not regardless of whether the user is marked as being "invisible". This information can be determined by trying to access the user's shared files: a different error message is reported if the user is on-line than if the user is off-line.


Upgrade to the latest version of Yahoo! Messenger.

Plugin Details

Severity: Medium

ID: 1260

File Name: 1260.prm

Published: 2004/08/20

Modified: 2016/01/21

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND


Base Score: 5.3

Temporal Score: 5.3


Temporal Vector: CVSS3#E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:yahoo:messenger

Reference Information

BID: 6121

OSVDB: 62108