The usernames disclosed by the KaZaA Media Desktop peer-to-peer file sharing application do not present a security vulnerability.
The KaZaA Media Desktop is a peer-to-peer file sharing application that allows users to search for and download files from other KaZaA users. This product allegedly contains a security vulnerability that allows remote users to obtain the KaZaA username of other users by establishing a telnet connection to port 1214 of a machine running KaZaA. After researching this application to learn more about its operation, the CERT/CC believes that this transmission of username information is both intentional and entirely benign.
The usernames disclosed by this application do not present a security vulnerability.
Users who do not wish to share username information with other users should refrain from using peer-to-peer utilities.
|Date First Published:||2003-10-30|
|Date Last Updated:||2003-10-30 22:11 UTC|