
[CIA-1057-Alert] Cenzic Research Lab Identifies Potentially Threatening Application Vulnerability in Yahoo! Mail
Summary:
According to Cenzic analysts, users who access Yahoo! Mail and then log out can be unknowingly left susceptible to malicious activities. After a user session, the flaw can be exploited by a hacker who turns off the JavaScript running on the computer, gaining access to email pages from the browser's cache. Once this vulnerability was discovered, the Yahoo! Mail team was immediately notified and is currently evaluating potential resolutions to the issue. Due to varying browser behaviors and other considerations, it is anticipated that a resolution could take several weeks to appear.
About the Cenzic CIA Team:
Cenzic Intelligent Analysis (CIA) is Cenzic’s research arm that focuses on continuous research for application vulnerabilities. Industry research, vulnerability assessment, penetration testing, and security testing — that’s what Cenzic Intelligent Analysis Research is all about. Cenzic has dedicated experts whose sole job is to perform ongoing research to find not only common vulnerabilities but also vulnerabilities found in customer applications and make them available to our customers and to the community at large.
About Cenzic:
Cenzic provides Hailstorm®, the revolutionary enterprise software suite for automated application security assessment and compliance that allows corporations and government organizations to dramatically improve the security of commercial and custom applications. Hailstorm enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities, and verify compliance with security policies. Benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic’s customers are currently in the financial services and e-marketplaces sectors. For more information visit www.cenzic.com or call 1-866-4-CENZIC.
