Yahoo mail authentication bypass Vulnerabilities

ddlmail · August 11, 2006

Yahoo Multiple Vulnerabilities

Various Yahoo! services are vulnerable to authentication bypass, session

binding, weak cookie encoding, cross-site scripting file inclusion and url

redirection vulnerabilities, which is caused due to improper validation of

user-supplied inputs.

1. Authentication Bypass and Session Binding Vulnerability.

A malicious user can log on to the yahoo without submitting the username

and password by constructing a malicious URL using cookies.

2. Cookie Encoding Security Weakness

3. Cross-Site Scripting.

4. URL redirection.

__________________________________________________________________________

SpLo1T · August 11, 2006

Advisory Released : 20th June 06

hmmm cred ca e patched

August 11, 2006

Nu e patched dar nici nu arata mare lucru. E interesant pentru Yahoo Beta ce scrie pe acolo.

Recommended Posts