[原文]The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users.
Yahoo! Messenger Communication Log Local Disclosure
Local Access Required
Loss of Confidentiality
Yahoo! Messenger contains a flaw that may lead to an unauthorized information disclosure. The problem is that the application stores communication logs in the 'ypager.log' file in plaintext, which will disclose sensitive information resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.