Updated:  February 21, 2003

Status

Affected

Vendor Statement

Yahoo! thanks CERT and the original reporter. We take user information privacy and security very seriously. As a result of their cooperation, this issue was resolved within 8 hours of notification by CERT. Because this was corrected on the server, no action by users is required. To notify Yahoo! of other technical security vulnerabilities, please use the address security@yahoo-inc.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please note that this vulnerability was "fixed" by Yahoo! Inc. on the evening of June 14th, 2002.