During the University Yahoo! Hack Days (http://developer.yahoo.com/hacku/) a developer discovered or announced a vulnerability in Zimbra (http://www.zimbra.com/) that sent the password as cleartext over the network (http://news.cnet.com...0053870-83.html). The vulnerability has already been fixed (http://news.cnet.com...ag=2547-1_3-0-5) but it is recommended that if you used Zimbra, you should change your Yahoo! password.
From my standpoint this was surely a big goof for Yahoo! but I don’t think it will yield any substantial results. Before this article I had never heard of Zimbra and the attack is only possible if you can tap into the network between the user and Yahoo! (man in the middle attack). Unless you have a highly targeted attack is it doubtful that this will yield any Yahoo! credentials.
The thread at http://www.astahost....thm-t19331.html may also tie into this.
Welcome to AstaHost - Dear Guest , Please Register here to get Your own website. - Ask a Question / Express Opinion / Reply w/o Sign-Up!
Yahoo's Zimbra Service Sent Passwords In Cleartext
No replies to this topic
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users