SOURCE: Cenzic, Inc.

February 07, 2007 12:30 ET

Cenzic Research Lab Alerts Yahoo! of Potentially Threatening Application Vulnerability in Yahoo! Messenger

Information From CIA Lab Leads to Resolution of Problem Before Impacting Users

SAN FRANCISCO, CA -- (MARKET WIRE) -- February 7, 2007 -- RSA -- Cenzic, Inc., a leading provider of automated application security assessment and compliance solutions, today announced that researchers in the company's CIA (Cenzic Intelligent Analysis) Lab discovered a serious vulnerability that, if not remedied, could lead to exploitation of the widely popular Yahoo! Mail application when it is accessed through the Yahoo! Messenger program. Successful exploitation of this vulnerability would allow an attacker to gain active access to a user's account, impersonate the user and then misuse the account.

According to Cenzic analysts, Yahoo! Mail services, when accessed via Yahoo! Messenger, were vulnerable to information leakage and authentication bypass because of improper caching of Web pages by the browser. This could occur when Yahoo! Messenger alerts a user that a new email has arrived. A pop-up window from Yahoo! Messenger lets the user simply click a button to open the email account in the browser, where a URL redirects the user to the mailbox instead of requiring a separate login to Yahoo! Mail. However, this URL is not tied to a session and can be used any number of times, even after the user has logged out, because the URL entry remains in the browser cache. A malicious user with access to the browser cache could grab this URL and log in to the victim's Yahoo! account without needing the victim's credentials.
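The flaw described above is a general one: a "one-click open my mailbox" URL whose token is never expired, never consumed and never bound to the session that requested it, so any copy of the URL (browser history, cache, proxy log) is a reusable credential. The following is an added example written for this page, not Yahoo!'s or Cenzic's code; the service names, the `t=` query parameter, the 60-second lifetime and the use of a session identifier as the binding are all assumptions. It puts a minimal vulnerable link service next to a hardened one that expires each link, allows it to be redeemed once, ties it to the issuing session, revokes it on logout, and marks the redirect response as uncacheable.

```python
"""Reusable login-by-URL token (vulnerable) versus a single-use,
session-bound, expiring token (hardened).  Constructed illustration only;
every name here is hypothetical and not taken from any real service."""
import hashlib
import secrets
import time
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlparse


def _token_from(url: str) -> str:
    """Pull the token out of the assumed ?t=... query parameter."""
    return parse_qs(urlparse(url).query)["t"][0]


@dataclass
class VulnerableLinkService:
    """Token lookups are never expired, never consumed and never tied to the
    originating session, so any copy of the URL keeps working after logout."""
    tokens: dict = field(default_factory=dict)  # token -> username

    def issue_link(self, user: str) -> str:
        token = secrets.token_urlsafe(16)
        self.tokens[token] = user
        return f"https://mail.example/open?t={token}"

    def redeem(self, url: str):
        return self.tokens.get(_token_from(url))  # replayable forever


@dataclass
class LoginLink:
    user: str
    session_id: str   # the messenger session that asked for the link
    expires_at: float
    used: bool = False


class HardenedLinkService:
    TTL = 60.0  # seconds; a one-click link only has to survive one click

    def __init__(self, now=time.time):
        self.now = now                      # injectable clock for testing
        self._links: dict[str, LoginLink] = {}  # sha256(token) -> link
        self._active_sessions: set[str] = set()

    def login(self, user: str) -> str:
        session_id = secrets.token_urlsafe(16)
        self._active_sessions.add(session_id)
        return session_id

    def logout(self, session_id: str) -> None:
        self._active_sessions.discard(session_id)
        # Revoke every pending link minted for this session.
        for link in self._links.values():
            if link.session_id == session_id:
                link.used = True

    def issue_link(self, user: str, session_id: str) -> str:
        if session_id not in self._active_sessions:
            raise PermissionError("no active session")
        token = secrets.token_urlsafe(32)
        # Store only a digest: a leaked table does not yield live tokens.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._links[digest] = LoginLink(user, session_id, self.now() + self.TTL)
        return f"https://mail.example/open?t={token}"

    def redeem(self, url: str, presenting_session: str):
        """Return the user if the link is unused, unexpired and presented by
        the session it was issued to; otherwise None."""
        digest = hashlib.sha256(_token_from(url).encode()).hexdigest()
        link = self._links.get(digest)
        if link is None or link.used or self.now() > link.expires_at:
            return None
        if (link.session_id != presenting_session
                or presenting_session not in self._active_sessions):
            return None
        link.used = True  # single use: a replay from history now fails
        return link.user


def redirect_headers() -> dict:
    """Headers for the redirect page so neither browser nor intermediary
    caches the token-bearing response."""
    return {"Cache-Control": "no-store", "Pragma": "no-cache"}
```

Even with these server-side checks the token still transits the URL bar and history, so the hardened version only limits the damage window; a design that carries the token in a POST body or a short-lived cookie set by the client avoids leaving it in history at all.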

Under the guidelines of its responsible vulnerability disclosure policy, Cenzic analysts alerted Yahoo! to the issue in late November and also notified CERT. It is Cenzic's policy to give at-risk vendors ample time to resolve an issue before disclosing details, so that the at-risk site is not attacked. Once the vulnerability was discovered, the Yahoo! Mail team was immediately notified and took steps to resolve the problem. Yahoo! delivered a complete fix last month; it required coordinated changes on both the client and the server.

CIA specializes in the continuous research of application vulnerabilities and the development of remediation strategies to assist customers with their web application security needs in enterprise environments. [Editor's Note: Please see Cenzic press release "With Application-based Attacks on the Rise, No Site is Safe, reports CIA (Cenzic Intelligent Analysis) Lab in Year End Top Five Vulnerabilities List" dated February 7, 2007].

Since discovering the flaw, Cenzic's research professionals have worked with the Yahoo! team to provide counsel and support in addressing the issue. Using a proprietary formula for calculating the severity of vulnerability information, Cenzic deemed this a threat worth recognition not only because of its technical characteristics, but also because of the popularity and widespread use of Yahoo! Mail and Yahoo! Messenger.

"As a leader in application security, Cenzic conducts ongoing vulnerability assessments of Web applications to help protect vendors and end users from malicious attacks," said Scott Parcel, CTO and vice president of engineering for Cenzic. "Cenzic provides this service, as stated in its vulnerability disclosure policy, with integrity and ethical considerations in mind, so that vendors at-risk have ample time to resolve issues before they impact end users."

About Cenzic Intelligent Analysis (CIA) Research

The Cenzic Intelligent Analysis (CIA) team specializes in continuous research into application vulnerabilities and the latest tools and techniques used within the field of application security. The CIA team monitors the latest vulnerabilities and trends affecting application security by tracking Internet newsgroups, forums, mailing lists, and underground websites where vulnerability information is released. In addition to its research focus, CIA experts also perform vulnerability assessment, penetration testing, and security testing.

Cenzic has dedicated experts whose sole job is to perform ongoing research, not only to analyze known vulnerabilities but also to discover new or undisclosed vulnerabilities in custom, commercial, and open-source applications, and to make this information available to customers and to the community at large in the form of publications and security alerts. Cenzic Hailstorm is updated on a regular basis, much like anti-virus software, with new vulnerability information to give customers an advantage in staying ahead of new vulnerabilities.

About Cenzic, Inc.

Cenzic, www.cenzic.com, is a leading provider of next-generation enterprise software and a leading Managed Service offering for application security assessment and risk management that allows Fortune 1000 corporations, mid-sized corporations, and government organizations to dramatically improve the security of web applications. Cenzic solutions are the most accurate, comprehensive, and extensible in the industry. With its flagship Hailstorm product line that includes Hailstorm Starter, Hailstorm Core, Hailstorm Professional, Hailstorm Enterprise ARC (Application Risk Controller) and the ClickToSecure managed service (SaaS), Cenzic is the only company in the industry to offer a complete application security assessment suite for enterprises of all sizes. Cenzic's current focus includes the financial services, high tech, e-retail, healthcare, and government sectors.

Contact Information

  • Contact:
    Angelique Faul
    Kulesa Public Relations for Cenzic, Inc.
    513.633.0897