Vulnerability Notes Database

Vulnerability Note VU#354387

Yahoo! Mobile service discloses random sensitive information to unauthorized users

Overview

The Yahoo! Mobile service contains an information exposure vulnerability.

I. Description

The Yahoo! Mobile service gives users of handheld devices access to the same kinds of services Yahoo! Inc. offers to traditional desktop computing users (e.g., web browsing and email). A vulnerability in the Yahoo! Mobile service allows an attacker to view random queries from legitimate Yahoo! Mobile users. As a result, an attacker may be able to view privileged data, including any credentials that the victim had stored in recently viewed email messages.

II. Impact

An attacker can cause Yahoo! Mobile servers to return random web pages. Note that the attacker does not have any control over which pages are returned.

III. Solution

Yahoo! Inc. has fixed this vulnerability.

Systems Affected

Vendor | Status | Date Updated
Yahoo! Inc. | Vulnerable | 21-Feb-2003

References


http://mobile.yahoo.com/

Credit

The CERT/CC thanks Bob Whittle for reporting this vulnerability. We also thank Yahoo! Inc. for their rapid response to this issue.

This document was written by Ian A Finlay.

Other Information

Date Public: 02/17/2003
Date First Published: 02/17/2003 09:15:46 AM
Date Last Updated: 02/21/2003
CERT Advisory:
CVE Name:
Metric: 1.39
Document Revision: 13

Copyright 2003 Carnegie Mellon University