iMatix Xitami Administrator Plain Text Password Storage Vulnerability

An issue has been reported in Xitami that may result in the disclosure of admin authentication information.

If a local user gains access to the 'default.aut' file, that user can retrieve the administrator authentication information for Xitami. By default, the contents of this file are stored in plain text, and the file is world-readable and world-writable.

It should be noted that the plain text admin credentials are documented in the Xitami FAQ. See the reference section for more details.
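A permission check for the condition described above, as an added example that is not part of the original advisory or of Xitami itself. It assumes a POSIX host and a caller-supplied path to 'default.aut'; the function names are hypothetical, and restricting access to the owner assumes the file is owned by the account the server runs as.

```python
import os
import stat
import tempfile

# Permission bits that expose the file to accounts other than its owner.
EXPOSURE_BITS = [
    (stat.S_IROTH, "world-readable"),
    (stat.S_IWOTH, "world-writable"),
    (stat.S_IRGRP, "group-readable"),
    (stat.S_IWGRP, "group-writable"),
]

def audit_credential_file(path):
    """Return the list of exposure findings for the mode bits on `path`."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [label for bit, label in EXPOSURE_BITS if mode & bit]

def restrict_to_owner(path):
    """Limit the file to owner read/write and return the resulting mode."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return stat.S_IMODE(os.stat(path).st_mode)

def demo():
    """Audit and fix a constructed stand-in for default.aut in a temp dir."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "default.aut")
        with open(path, "w") as handle:
            # Constructed placeholder, not the real file format or contents.
            handle.write("placeholder\n")
        os.chmod(path, 0o666)  # reproduce the world readable/writable default
        before = audit_credential_file(path)
        new_mode = restrict_to_owner(path)
        after = audit_credential_file(path)
        return before, new_mode, after

if __name__ == "__main__":
    before, new_mode, after = demo()
    print("before:", before)
    print("mode after fix:", oct(new_mode))
    print("after:", after)
```

Tightening the mode limits who can read or alter the file; the credentials inside it remain in plain text.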


 

Copyright 2010, SecurityFocus