Yahoo! Instant Messenger Plain Text Password Vulnerability

Yahoo! Messenger is the main client for Yahoo's instant messaging service.

It has been reported that Yahoo! Messenger version 4 does not encrypt the data transferred when a user is authenticating.

If a malicious third party could eavesdrop on network traffic between the messenger client and the Yahoo! server, this could potentially disclose, in plain text, the authentication information of a user.


Privacy Statement
Copyright 2010, SecurityFocus