Vulnerability Description
Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores usernames and passwords in plaintext in %PROGRAMFILES%\IMPlus\implus.cfg, which allows local users to obtain sensitive information by reading the file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Shape Services | Im\+ Mobile Instant Messenger | 3.10_for_pocket_pc |
References
- http://airscanner.com/security/05081701_implus.htmExploitVendor Advisory
- http://securityreason.com/securityalert/1518
- http://www.securityfocus.com/archive/1/445082/100/0/threaded
- http://airscanner.com/security/05081701_implus.htmExploitVendor Advisory
- http://securityreason.com/securityalert/1518
- http://www.securityfocus.com/archive/1/445082/100/0/threaded
FAQ
What is CVE-2006-4615?
CVE-2006-4615 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores usernames and passwords in plaintext in %PROGRAMFILES%\IMPlus\implus.cfg, which allows local users to obtain sensitive information...
How severe is CVE-2006-4615?
CVE-2006-4615 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4615?
Check the references section above for vendor advisories and patch information. Affected products include: Shape Services Im\+ Mobile Instant Messenger.