[18611] in bugtraq
Yahoo! Instant Messenger
daemon@ATHENA.MIT.EDU (Shaun O'Callaghan)
Mon Jan 15 12:27:16 2001
Message-Id: <20010114154241.26426.qmail@www5>
Date: Sun, 14 Jan 2001 15:42:41 -0000
Reply-To: the_duke247@YAHOO.COM
From: "Shaun O'Callaghan" <the_duke247@YAHOO.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
When being warned by my firewall that some packet
contents may contain sensitive data when connecting
to Yahoo! servers with the popular, Yahoo! Instant
Messenger, I found to my amazement my username
and password combination where being sent to the
server in plain text.
This is performed to the many Yahoo! servers by a
plain get request on the standard ports than YIM
uses. As far as I am aware, this is affecting all
clients on all operating systems. YIM passwords also
are used for mail, calenders, bill paying, auction
bidding (which hold CC numbers) well as other
information including addresses on various users. I
feel this is a very dangerous exploit and comes not
long after I discovered the remote character buffer
overflow vulnerability in a previous version, hope it
was of some help.
The_Duke247
Security Editor - BlackBox
http://black.box.sk
