Yahoo Mail has huge hole

By Nick Farrell on Oct 2, 2008 12:15 PM
Filed under Messaging

Yahoo's Zimbra client has a security hole so big you can fly an entire Borg collective through the middle of it and not worry about the cubes touching the sides.

Yahoo's Zimbra client has a security hole so big you can fly an entire Borg collective through the middle of it and not worry about the cubes touching the sides.

According to Holden Karau, for some reason the passwords used to access Yahoo mail through the Zimbra client are sent over the Internet in clear text.

Writing in his bog, Karau said that he stumbled upon this problem while participating in the Yahoo Hack Day at the University of Waterloo.

Yahoo imap servers used by the Yahoo Desktop don't support SSL and the password was being transmitted in plain text, he said.

It means that If you use Zimbra to access your Yahoo mail, you almost certainly need to change your password and stop using Zimbra immediately especially if you've ever done so over wireless, Karau warned.

Karau warned Yahoo about the problem during his presentation, but no one seemed to give a toss.

A Zimbra spokesperson said that the problem had already been addressed in code, and a fix is in the next release. Yahoo said it would look into it now the press had got hold of it. µ

yahoo, mail, huge, hole

Ads by Google

What are your thoughts on this article? Add your comment below.

To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.

NOTE: You must be a registered member of SC Magazine to post a comment.

Click here to login | Click here to register

comments powered by Disqus