PT-2005-2648 · Yahoo · Yahoo! Messenger

Torseq Tech

Published

2005-05-19

Updated

2016-10-18

CVE-2005-1671

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Yahoo! Messenger versions 5.x through 6.0

Description The issue allows local users to obtain sensitive information from other users due to the Logfile feature not properly warning later users when it has been enabled. This feature can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users.

Recommendations For Yahoo! Messenger versions 5.x through 6.0, consider disabling the Logfile feature to prevent unauthorized access to sensitive information. As a temporary workaround, restrict access to the ypager.log file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1671

Affected Products

Yahoo! Messenger

PT-2005-2648 · Yahoo · Yahoo! Messenger

CVE-2005-1671

Related Identifiers

Affected Products

References · 2