Vulnerability Note VU#315227

KaZaA Media Desktop discloses username to remote users

Overview

The usernames disclosed by the KaZaA Media Desktop peer-to-peer file sharing application do not present a security vulnerability.

I. Description

The KaZaA Media Desktop is a peer-to-peer file sharing application that allows users to search for and download files from other KaZaA users. This product allegedly contains a security vulnerability that allows remote users to obtain the KaZaA username of other users by establishing a telnet connection to port 1214 of a machine running KaZaA. After researching this application to learn more about its operation, the CERT/CC believes that this transmission of username information is both intentional and entirely benign.

II. Impact

The usernames disclosed by this application do not present a security vulnerability.

III. Solution

Users who do not wish to share username information with other users should refrain from using peer-to-peer utilities.

Systems Affected

Vendor	Status	Date Notified	Date Updated
KaZaA	Not Vulnerable	27-Sep-2001

References

VU#246147
http://www.kazaa.com/
http://securitytracker.com/alerts/2001/Sep/1002311.html
http://securitytracker.com/alerts/2001/Aug/1002299.html

Credit

This document was written by Jeffrey P. Lanza.

Other Information

Date Public:	2001-08-29
Date First Published:	2003-10-30
Date Last Updated:	2003-10-30
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	0.00
Document Revision:	4

If you have feedback, comments, or additional information about this vulnerability, please send us email.