Yahoo! Messenger ymsgr URI Arbitrary Script Execution
Medium Nessus Network Monitor Plugin ID 1263
SynopsisThe remote host passes information across the network in an insecure manner
DescriptionThe remote host is running a version of Yahoo Instant Messenger that does not encrypt user passwords when authenticating a user during login. Anyone monitoring the local segment can thus extract the passwords of the user running the client.
SolutionUpgrade to the latest version of Yahoo Instant Messenger.