Vulnerability Note VU#315227

KaZaA Media Desktop discloses username to remote users

Original Release date: 30 Oct 2003 | Last revised: 30 Oct 2003

Overview

The usernames disclosed by the KaZaA Media Desktop peer-to-peer file sharing application do not present a security vulnerability.

Description

The KaZaA Media Desktop is a peer-to-peer file sharing application that allows users to search for and download files from other KaZaA users. This product allegedly contains a security vulnerability that allows remote users to obtain the KaZaA username of other users by establishing a telnet connection to port 1214 of a machine running KaZaA. After researching this application to learn more about its operation, the CERT/CC believes that this transmission of username information is both intentional and entirely benign.

Impact

The usernames disclosed by this application do not present a security vulnerability.

Solution

Users who do not wish to share username information with other users should refrain from using peer-to-peer utilities.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
KaZaANot Affected-27 Sep 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This document was written by Jeffrey P. Lanza.

Other Information

  • CVE IDs: Unknown
  • Date Public: 29 Aug 2001
  • Date First Published: 30 Oct 2003
  • Date Last Updated: 30 Oct 2003
  • Document Revision: 4

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.