World-readable permissions for web.xml configuration file in Thermostat before 2.0.0 allows unauthorized access to user credentials

World-readable permissions for web.xml configuration file in Thermostat before 2.0.0 allows unauthorized access to user credentials

CVE-2015-3201 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.

Learn more about our Web App Pen Testing.