CVE-2006-4614 - PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords in plaintext in the Windows Mob

CVE-2006-4614

Summary

PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords in plaintext in the Windows Mobile registry, which allows local users to obtain sensitive information via keys under \HKEY_CURRENT_USER\Software\PDAapps\VeriChat.

References

http://airscanner.com/security/05081201_verichat.htm
http://securityreason.com/securityalert/1504
http://securitytracker.com/id?1016786
http://www.securityfocus.com/archive/1/445086/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:pocket_pc:pocket_pc:1.30bh:*:*:*:*:*:*:*
cpe:2.3:a:pocket_pc:pocket_pc:1.30bh:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 17-10-2018 - 21:38)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:N/A:N

refmap via4

bugtraq	20060903 Airscanner Mobile Security Advisory #05081201: PDAapps Verichat v1.30bh Local Password Disclosure
misc	http://airscanner.com/security/05081201_verichat.htm
sectrack	1016786
sreason	1504

Last major update

17-10-2018 - 21:38

Published

07-09-2006 - 00:04

Last modified

17-10-2018 - 21:38