Brute-force attacks target two-year hole in Yahoo! MailYour password is 123456Scammers are exploiting a two-year-old security hole in Yahoo's network that gives them unlimited opportunities to guess login credentials for Yahoo Mail accounts, a researcher said.The vulnerability resides in a web application that automates the process of logging in to the widely used webmail service. Because it fails to carry out a variety of security checks followed by the login page Yahoo! Mail users typically use, it's providing criminals with a backdoor through with user accounts can be breached, said Ryan Barnett, director of application security research at Breach Security."If the front gate of your castle is your login page to Yahoo Mail, they've done a good job of securing it," he told The Register. The web application amounts to "some sort of water tunnel that the bad guys are walking right through."snip