VULHUB ™

It has been reported that the CheetaChat client is prone to a password disclosure weakness. CheetaChat stores encrypted Yahoo! authentication credentials in a local file named 'yaliases.dat'. If an attacker gains access to the victim user's 'yaliases.dat' file, the contents may be decrypted and disclosed using the CheetaChat internal browser function.

It has been reported that the CheetaChat client is prone to a password disclosure weakness. CheetaChat stores encrypted Yahoo! authentication credentials in a local file named 'yaliases.dat'. If an attacker gains access to the victim user's 'yaliases.dat' file, the contents may be decrypted and disclosed using the CheetaChat internal browser function.