vqSoft vqServer Plaintext Password Vulnerability

vqSoft vqServer stores its web server settings and passwords in plaintext format in the file server.cfg. If a remote or local user were to obtain read access to server.cfg, they would be able to seize control of the web server by connecting to the remote administration interface on port 9090 and supply the username and password acquired from server.cfg. server.cfg is normally located in the path \Program Files\vqserver\vq\server\cfg\.


Privacy Statement
Copyright 2010, SecurityFocus