The vulnerability stems from how credentials are persisted after login. While exact function names aren't disclosed in available resources, the core issue is the file creation with 0644 permissions in the CLI's login flow. This matches the described vulnerability pattern of insecure credential storage. The prefs.json file's permissions are set during write operations in the login process(), making the credential storage function fundamentally vulnerable. Confidence is high because the attack vector (local file read) and root cause (incorrect permissions) are explicitly documented in multiple sources.