WeChat IM Application Could Disclose Your Password To Attackers

New submitter soulflyz writes "Security researchers found some security issues in WeChat, a popular instant messaging application developed by the Chinese company Tencet. By exploiting these vulnerabilities, any other application installed on the user's phone can force WeChat to send the user's password hash (in plain MD5 format) to an external web server, controlled by the attacker. Android versions of WeChat up to 4.5.1 are confirmed to be vulnerable, but similar issues could interest also other versions of the application. According to recent statistics, WeChat should have about 300 million registered users."

WeChat has a password?

[Anonymous Coward]

I've been using wechat for over a year on two phones and had no idea that I had a password.

witches

[Anonymous Coward]

God damn, it's the fucken middle ages. nothing but crazy ass fears of fraud and cons and hacker and trojens and so much ignorance and fears and crazy crazy tin-foil hat

my husband turned into a frog cause I haven't seen him

everybody is a basket case. they misclick and think their computer is hijacked by the FSB. Crazy-ass thinking. Chilll. Who's creating all this hysteria? The trusted companies who are refuge stand to benefit. The fucken CIA is evil fuckers.