MDG Web Server 4D Insecure Credential Storage Vulnerability

MDG Web Server 4D is reported to store various types of credentials for optional modules in plaintext on the local filesystem. Local attackers who can read the file containing the credentials may then use the credentials to gain access to other types of sensitive information or perform unauthorized actions.

This issue has been reported in Web Server 4D 3.6. Other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus