Yahoo! Messenger Shared File Access User Status Enumeration

Nessus Network Monitor Plugin ID 1260 (medium severity)

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host is running a version of Yahoo Instant Messenger that reveals whether a user is on-line, even when the user is marked as "invisible". The status can be determined by trying to access the user's shared files: the error message returned when the user is on-line differs from the one returned when the user is off-line.

Solution

Upgrade to the latest version of Yahoo! Messenger.

Plugin Details

Severity: Medium

ID: 1260

Published: 8/20/2004

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:yahoo:messenger

Reference Information

BID: 6121