CheetaChat Internal Browser Plaintext Password Disclosure Weakness

CheetaChat Internal Browser Plaintext Password Disclosure Weakness

It has been reported that the CheetaChat client is prone to a password disclosure weakness.

CheetaChat stores encrypted Yahoo! authentication credentials in a local file named 'yaliases.dat'. If an attacker gains access to the victim user's 'yaliases.dat' file, the contents may be decrypted and disclosed using the CheetaChat internal browser function.