Sven Dreyer

**Name of the Vulnerable Software and Affected Versions** kphone version 4.2 **Description** The issue allows local users to read usernames and SIP passwords due to world-readable permissions of the .qt/kphonerc file created by kphone. **Recommendations** For kphone version 4.2, consider changing the permissions of the .qt/kphonerc file to prevent world-readable access, or restrict local user access to sensitive information stored in this file.