CVE-2006-4615 - Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores usernames and passwords in pla

CVE-2006-4615

Summary

Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores usernames and passwords in plaintext in %PROGRAMFILES%\IMPlus\implus.cfg, which allows local users to obtain sensitive information by reading the file.

References

http://airscanner.com/security/05081701_implus.htm
http://securityreason.com/securityalert/1518
http://www.securityfocus.com/archive/1/445082/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:shape_services:im\+_mobile_instant_messenger:3.10_for_pocket_pc:*:*:*:*:*:*:*
cpe:2.3:a:shape_services:im\+_mobile_instant_messenger:3.10_for_pocket_pc:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 17-10-2018 - 21:38)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:N/A:N

refmap via4

bugtraq	20060903 Airscanner Mobile Security Advisory #05081701: IM+ v3.10 Local Password Plaintext Exposure
misc	http://airscanner.com/security/05081701_implus.htm
sreason	1518

Last major update

17-10-2018 - 21:38

Published

07-09-2006 - 00:04

Last modified

17-10-2018 - 21:38