Andrew Pam

**Name of the Vulnerable Software and Affected Versions** Debian GNU/Linux mnogosearch-common version 3.2.31-1 **Description** The issue allows local users to view the database administrator password due to the use of a world-readable config.dat file for storing the cleartext password in the mnogosearch-common/database admin pass record. **Recommendations** For mnogosearch-common version 3.2.31-1, consider restricting access to the config.dat file until a patch is available. As a temporary workaround, avoid using the mnogosearch-common/database admin pass record to store sensitive information.