Information Disclosure in Yahoo! Messenger Versions
CVE-2005-1671

Currently unrated

Key Information:

Vendor: Yahoo
Status: Messenger
Vendor: CVE Published:; 19 May 2005

What is CVE-2005-1671?

The Logfile functionality in Yahoo! Messenger versions 5.x to 6.0 can be inadvertently activated via a YMSGR: URL, resulting in the storage of all user session data within a single log file (ypager.log). This feature fails to provide adequate warnings to subsequent users when enabled, allowing local users access to potentially sensitive information from other users sharing the same machine. The flaw poses a serious risk of unauthorized information exposure, emphasizing the importance of user awareness and the need for robust security measures in messaging applications.

References

http://marc.info/?l=bugtraq&m=111643475210982&w=2

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2005
Vulnerability Reserved
May 19, 2005

CVE-2005-1671 Data

JSON