Rune Andresen

Name of the Vulnerable Software and Affected Versions: ZoneMinder version 1.23.3 Description: The issue allows local users to obtain the database username and password by reading the /etc/zm.conf file due to its 0644 permissions. Recommendations: For ZoneMinder version 1.23.3, consider changing the permissions of the /etc/zm.conf file to prevent unauthorized access, such as setting the permissions to 0600 to allow only the owner to read and write the file.