Vulnerability Note VU#354387

Yahoo! Mobile service discloses random sensitive information to unauthorized users

Overview

The Yahoo! Mobile service contains an information exposure vulnerability.

I. Description

The Yahoo! Mobile service enables users of handheld devices to take advantage of the same kinds of services Yahoo! Inc. offers to traditional desktop computing users (e.g., web browsing and email). A vulnerability in the Yahoo! Mobile service allows an attacker to view random queries from legitimate Yahoo! Mobile users. As a result, an attacker may be able to view privileged data, including any credentials that the victim had stored in recently viewed email messages.

II. Impact

An attacker can cause Yahoo! Mobile servers to return random web pages. Note that the attacker does not have any control over which pages are returned.

III. Solution

Yahoo! Inc. has fixed this vulnerability.

Systems Affected

Vendor        Status        Date Notified        Date Updated
Yahoo! Inc.   Vulnerable    21-Feb-2003

References

http://mobile.yahoo.com/

Credit

The CERT/CC thanks Bob Whittle for reporting this vulnerability. We also thank Yahoo! Inc. for their rapid response to this issue.

This document was written by Ian A Finlay.

Other Information

Date Public: 2003-02-17
Date First Published: 2003-02-17
Date Last Updated: 2003-02-21
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Severity Metric: 1.39
Document Revision: 13

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Copyright 2003 Carnegie Mellon University