{"vuid":"VU#354387","idnumber":"354387","name":"Yahoo! Mobile service discloses random sensitive information to unauthorized users","keywords":["Yahoo","mobile service","random sensitive information","username","password","unauthorized user","Konqueror","Opera","Verizon"],"overview":"The Yahoo! Mobile service contains an information exposure vulnerability.","clean_desc":"The Yahoo! Mobile Service enables users of handheld devices to take advantage of the same kinds of services Yahoo! Inc. offers to traditional desktop computing users (e.g. web browsing, email, etc.). A vulnerability in the Yahoo! Mobile service allows an attacker to view random queries from legitimate Yahoo! Mobile users. As a result, an attacker may be able to view privileged data, including any credentials that the victim had stored in recently viewed email messages.","impact":"An attacker can cause Yahoo! Mobile servers to return random web pages. Note that the attacker does not have any control over which pages are returned.","resolution":"Yahoo! Inc. has fixed this vulnerability.","workarounds":"","sysaffected":"","thanks":"The CERT/CC thanks Bob Whittle for reporting this vulnerability. We also thank Yahoo! Inc. for their rapid response to this issue.","author":"This document was written by Ian A Finlay.","public":["h","t","t","p",":","/","/","m","o","b","i","l","e",".","y","a","h","o","o",".","c","o","m","/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-06-10T18:04:55Z","publicdate":"2003-02-17T00:00:00Z","datefirstpublished":"2003-02-17T14:15:44Z","dateupdated":"2003-02-21T14:17:20Z","revision":13,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"1","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"3","cam_impact":"15","cam_easeofexploitation":"10","cam_attackeraccessrequired":"15","cam_scorecurrent":"1.3921875","cam_scorecurrentwidelyknown":"3.796875","cam_scorecurrentwidelyknownexploited":"6.328125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.3921875,"vulnote":null}