Yahoo! fixes bug that gave free rein to user accounts

by admin June 18, 2007 at 11:37 am

All hail the power of the XSS error!

Yahoo! has plugged a site-wide coding error that made it possible for miscreants to gain complete access to a user’s account simply by convincing the holder to click on a booby-trapped link.

The security defect is the latest to affect a large website of the kind that consumers and businesses are increasingly entrusting with a plethora of sensitive information, such as email, address books and calendar entries. Yahoo! patched the vulnerability, which was the result of a cross-site scripting (XSS) error, hours after the Net Cooties blog first reported it on Thursday.

Full story: theregister.co.uk