Jonathan Read

**Name of the Vulnerable Software and Affected Versions** PDAapps Verichat for Pocket PC version 1.30bh **Description** The issue allows local users to obtain sensitive information because usernames and passwords are stored in plaintext in the Windows Mobile registry. This can be accessed via keys under HKEY CURRENT USERSoftwarePDAappsVeriChat. **Recommendations** For PDAapps Verichat for Pocket PC version 1.30bh, consider restricting access to the Windows Mobile registry to minimize the risk of exploitation. As a temporary workaround, avoid using the application until a secure method of storing usernames and passwords is implemented. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Shape Services IM+ Mobile Instant Messenger for Pocket PC version 3.10 **Description** The issue allows local users to obtain sensitive information, such as usernames and passwords, by reading a file. The software stores this information in plaintext in the %PROGRAMFILES%IMPlusimplus.cfg file. **Recommendations** For version 3.10, consider removing or securing access to the implus.cfg file to prevent unauthorized reading of sensitive information. As a temporary workaround, restrict access to the implus.cfg file until a more secure method of storing usernames and passwords is implemented.

**Name of the Vulnerable Software and Affected Versions** Soti Pocket Controller-Professional version 5.0 **Description** The issue allows remote attackers to send a series of packets to port 5492, enabling them to turn off, reboot, or hard reset a PDA. **Recommendations** For Soti Pocket Controller-Professional version 5.0, consider restricting access to port 5492 to minimize the risk of exploitation.