An attacker examines an available client application for the presence of
						sensitive information. This information may be stored in configuration
						files, embedded within the application itself, or stored in other ways.
						Sensitive information may include long-term keys, passwords, credit card or
						financial information, and other private material that the client uses in
						its interactions with the server. While servers are (hopefully) protected
						with professional security administrators, most users may be less skilled at
						protecting their clients. As a result, the user client may represent a weak
						link that an attacker can exploit. If an attacker can gain access to a
						client installation, they may be able to detect and lift sensitive
						information that could be used directly (such as financial information), or
						allow the attacker to subvert future communication between the client and
						the server. In some cases, it may not even be necessary to gain access to
						another user's installation - if all instances of the client software are
						embedded with the same sensitive information (for example, long term keys
						for communication with the server) then the attacker must simply find a way
						to gain their own copy of the client in order to perform this attack.