Overview
The usernames disclosed by the KaZaA Media Desktop peer-to-peer file sharing application do not present a security vulnerability.
Description
The KaZaA Media Desktop is a peer-to-peer file sharing application that allows users to search for and download files from other KaZaA users. This product allegedly contains a security vulnerability that allows remote users to obtain the KaZaA username of other users by establishing a telnet connection to port 1214 of a machine running KaZaA. After researching this application to learn more about its operation, the CERT/CC believes that this transmission of username information is both intentional and entirely benign. |
Impact
The usernames disclosed by this application do not present a security vulnerability. |
Solution
Users who do not wish to share username information with other users should refrain from using peer-to-peer utilities. |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
This document was written by Jeffrey P. Lanza.
Other Information
CVE IDs: | None |
Date Public: | 2001-08-29 |
Date First Published: | 2003-10-30 |
Date Last Updated: | 2003-10-30 22:11 UTC |
Document Revision: | 4 |