CVE-2006-4615

Name of the Vulnerable Software and Affected Versions Shape Services IM+ Mobile Instant Messenger for Pocket PC version 3.10

Description The issue allows local users to obtain sensitive information, such as usernames and passwords, by reading a file. The software stores this information in plaintext in the %PROGRAMFILES%IMPlusimplus.cfg file.

Recommendations For version 3.10, consider removing or securing access to the implus.cfg file to prevent unauthorized reading of sensitive information. As a temporary workaround, restrict access to the implus.cfg file until a more secure method of storing usernames and passwords is implemented.