Vulnerability Note VU#315227
KaZaA Media Desktop discloses username to remote users
The usernames disclosed by the KaZaA Media Desktop peer-to-peer file sharing application do not present a security vulnerability.
The KaZaA Media Desktop is a peer-to-peer file sharing application that allows users to search for and download files from other KaZaA users. This product allegedly contains a security vulnerability that allows remote users to obtain the KaZaA username of other users by establishing a telnet connection to port 1214 of a machine running KaZaA. After researching this application to learn more about its operation, the CERT/CC believes that this transmission of username information is both intentional and entirely benign.
The usernames disclosed by this application do not present a security vulnerability.
Users who do not wish to share username information with other users should refrain from using peer-to-peer utilities.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|KaZaA||Not Affected||-||27 Sep 2001|
CVSS Metrics (Learn More)
This document was written by Jeffrey P. Lanza.
- CVE IDs: Unknown
- Date Public: 29 Aug 2001
- Date First Published: 30 Oct 2003
- Date Last Updated: 30 Oct 2003
- Document Revision: 4
If you have feedback, comments, or additional information about this vulnerability, please send us email.