World-writeable permissions on Architext.conf file in Excite for Web Servers (EWS) 1.1 allows unauthorized access to Excite accounts

World-writeable permissions on Architext.conf file in Excite for Web Servers (EWS) 1.1 allows unauthorized access to Excite accounts

CVE-1999-1071 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file.

Learn more about our Web App Pen Testing.