Insufficient Access Control in WF-Chat 1.0 Beta Allows Remote Authentication Information Retrieval

Insufficient Access Control in WF-Chat 1.0 Beta Allows Remote Authentication Information Retrieval

CVE-2003-1540 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt.

Learn more about our Web App Pen Testing.