Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Yahoo! Messenger ymsgr URI Arbitrary Script Execution

Medium

Synopsis

The remote host passes information across the network in an insecure manner

Description

The remote host is running a version of Yahoo Instant Messenger that does not encrypt user passwords when authenticating a user during login. Anyone monitoring the local segment can thus extract the passwords of the user running the client.

Solution

Upgrade to the latest version of Yahoo Instant Messenger.