|
WWWBoard Password Disclosure Vulnerability
Solution: Modify the '$passwd_file' Perl variable to point to a password file outside the web document tree. If you web server supports it, you could also configure it to not allow web clients to download the 'passwd.txt' file. If you use Apache you can do so by adding the following commands to the configuration file: <Files passwd.txt> deny from all </Files> |
|
|
Privacy Statement |
