Mountain-net WebCart Exposed Orders Vulnerability

Mountain-net WebCart Exposed Orders Vulnerability

WebCart is a web commerce product provided by Mountain Network Systems, Inc. Certain poorly configured default installations leave customer order information in remotely accessible text files, including credit card details and other sensitive information. These files include orders/checks.txt, config/import.txt, config/mountain.cfg, and possibly others. Exact version information has not been determined; this default configuration issue may have been resolved in more recent versions. Regardless, it should be noted that this is not a vulnerability in the strictest sense but rather a poor configuration issue.