{"vuid":"VU#246147","idnumber":"246147","name":"Morpheus discloses username to remote users","keywords":["Morpheus","KaZaA","disclose username","port 1214/tcp"],"overview":"The usernames disclosed by the Morpheus peer-to-peer file sharing application do not present a security vulnerability.","clean_desc":"Morpheus is a peer-to-peer file sharing application that allows users to search for and download files from other Morpheus users. This product allegedly contains a security vulnerability that allows remote users to obtain the Morpheus username of other users by establishing a telnet connection to port 1214 of a machine running Morpheus. After researching this application to learn more about its operation, the CERT/CC believes that this transmission of username information is both intentional and entirely benign.","impact":"The usernames disclosed by this application do not present a security vulnerability.","resolution":"Users who do not wish to share username information with other users should refrain from using peer-to-peer utilities.","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Jeffrey P. Lanza.","public":["http://www.musiccity.com/","http://securitytracker.com/alerts/2001/Sep/1002311.html","http://securitytracker.com/alerts/2001/Aug/1002299.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-09-14T17:47:03Z","publicdate":"2001-09-01T00:00:00Z","datefirstpublished":"2003-10-30T22:11:53Z","dateupdated":"2003-10-30T22:12:10Z","revision":3,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"1","cam_impact":"0","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0,"vulnote":null}