Shape Services · Im+ Mobile Instant Messenger · CVE-2006-4615
**Name of the Vulnerable Software and Affected Versions**
Shape Services IM+ Mobile Instant Messenger for Pocket PC version 3.10
**Description**
The issue allows local users to obtain sensitive information, such as usernames and passwords, by reading a file. The software stores this information in plaintext in the %PROGRAMFILES%IMPlusimplus.cfg file.
**Recommendations**
For version 3.10, consider removing or securing access to the implus.cfg file to prevent unauthorized reading of sensitive information. As a temporary workaround, restrict access to the implus.cfg file until a more secure method of storing usernames and passwords is implemented.