Cenzic Identifies Major Vulnerability Affecting Yahoo! Mail
- By Grey McKenzie
- Published 06/25/2008
Grey McKenzie
National Cyber Security Founder
Cyber security watchdog & one of the nation's leading cyber security experts, Grey McKenzie is also the Founder of SpyCop Security Software.
His clients include members of the Department of Homeland Security, FBI, CIA, State & Local Law Enforcement.
He is regularly consulted by industry leaders regarding cyber security issues.
To schedule a procedural, technical and non-technical network security audit of your company call 902-467-0200
Researchers at Cenzic discovered the Cross-Site Scripting (XSS) vulnerability in Yahoo! Mail.
The vulnerability was discovered using a Yahoo! Messenger desktop application.
If a hacker successfully exploits this vulnerability, they can gain active access to the victim's account through stealing of the session IDs. An attacker can also execute operations in Yahoo! Mail.
"This vulnerability exposed millions of Yahoo! users to the possibility of identity theft," said Mandeep Khera, vice president of marketing for Cenzic. "Luckily, it was caught early by Cenzic's dedicated experts, whose sole job is to perform ongoing research to find vulnerabilities in various Web applications.
As in all cases of identified vulnerabilities, our team then worked with the exposed company, Yahoo! in this case, to make sure the applications were fixed."
Vulnerability Description
If the attacker is using the Yahoo! Messenger desktop application 8.1.0.209 to chat with the victim, and the victim is using the Messenger support in the new Yahoo! Mail Web application, it will cause a new chat tab to open in the victim's browser.
While chatting, the attacker can change their status to "invisible," causing a message of "offline" in the chat tab of the victim.
The vulnerability occurred when the attacker then changed status, and sent a custom message containing a malicious string in the form of a status message of "online," with the script executed in the context of Yahoo! Mail
on the victim's machine.
This allowed an attacker to get active access to the victim's session ID, and in turn steal their Yahoo! identity, exposing sensitive personal information stored in their Yahoo! account.
Under the guidelines of its responsible vulnerability disclosure policy, the Cenzic Intelligent Analysis team alerted Yahoo! of the issue in May. Yahoo! acknowledged the issue and issued a fix as of June 13.
It is Cenzic's policy to give at-risk vendors ample time to resolve the issue before disclosing the details so that the at-risk site is not attacked.
About Cenzic
Cenzic is the next-generation Web application security assessment and risk management solutions leader.
The Cenzic suite of application security solutions fits the need of any company from remote, Software as a Service (ClickToSecure®), for testing one or more applications, to a full enterprise-wide solution (Cenzic Hailstorm® Enterprise ARC) for effectively managing application security risks across an enterprise.
Always an innovator, Cenzic has integrated Hailstorm with VMware to enable testing of production Web applications through virtualization -- making Cenzic the only company in the industry with a complete solution for assessing Web applications in all stages from development to production.
In addition, Cenzic solutions, targeted at financial services, e-retail, high-tech, energy, healthcare and government sectors, are the most accurate, comprehensive and extensible in the industry, empowering organizations to stay on top of unrelenting application security threats.
The vulnerability was discovered using a Yahoo! Messenger desktop application.
If a hacker successfully exploits this vulnerability, they can gain active access to the victim's account through stealing of the session IDs. An attacker can also execute operations in Yahoo! Mail.
"This vulnerability exposed millions of Yahoo! users to the possibility of identity theft," said Mandeep Khera, vice president of marketing for Cenzic. "Luckily, it was caught early by Cenzic's dedicated experts, whose sole job is to perform ongoing research to find vulnerabilities in various Web applications.
As in all cases of identified vulnerabilities, our team then worked with the exposed company, Yahoo! in this case, to make sure the applications were fixed."
Vulnerability Description
If the attacker is using the Yahoo! Messenger desktop application 8.1.0.209 to chat with the victim, and the victim is using the Messenger support in the new Yahoo! Mail Web application, it will cause a new chat tab to open in the victim's browser.
While chatting, the attacker can change their status to "invisible," causing a message of "offline" in the chat tab of the victim.
The vulnerability occurred when the attacker then changed status, and sent a custom message containing a malicious string in the form of a status message of "online," with the script executed in the context of Yahoo! Mail
This allowed an attacker to get active access to the victim's session ID, and in turn steal their Yahoo! identity, exposing sensitive personal information stored in their Yahoo! account.
Under the guidelines of its responsible vulnerability disclosure policy, the Cenzic Intelligent Analysis team alerted Yahoo! of the issue in May. Yahoo! acknowledged the issue and issued a fix as of June 13.
It is Cenzic's policy to give at-risk vendors ample time to resolve the issue before disclosing the details so that the at-risk site is not attacked.
About Cenzic
Cenzic is the next-generation Web application security assessment and risk management solutions leader.
The Cenzic suite of application security solutions fits the need of any company from remote, Software as a Service (ClickToSecure®), for testing one or more applications, to a full enterprise-wide solution (Cenzic Hailstorm® Enterprise ARC) for effectively managing application security risks across an enterprise.
Always an innovator, Cenzic has integrated Hailstorm with VMware to enable testing of production Web applications through virtualization -- making Cenzic the only company in the industry with a complete solution for assessing Web applications in all stages from development to production.
In addition, Cenzic solutions, targeted at financial services, e-retail, high-tech, energy, healthcare and government sectors, are the most accurate, comprehensive and extensible in the industry, empowering organizations to stay on top of unrelenting application security threats.
