New Net Technologies · Auditwizard · CVE-2006-4642
**Name of the Vulnerable Software and Affected Versions**
AuditWizard version 6.3.2
**Description**
The issue allows local users to obtain sensitive information by reading a log file. When using "Remote Audit," the administrator password is logged in plaintext to LaytonCmdSvc.log.
**Recommendations**
For AuditWizard version 6.3.2, consider restricting access to the LaytonCmdSvc.log file to minimize the risk of exploitation. As a temporary workaround, avoid using the "Remote Audit" feature until a patch is available.