CVE-2002-0202

Name of the Vulnerable Software and Affected Versions PaintBBS version 1.2

Description The issue allows local users to obtain the encrypted server password via the world-readable oekakibbs.conf file or modify the server configuration via the world-writeable /oekaki/ folder due to insecure permissions of certain files and directories installed by PaintBBS.

Recommendations For PaintBBS version 1.2, consider changing the permissions of the oekakibbs.conf file to restrict read access and modify the permissions of the /oekaki/ folder to prevent write access by unauthorized users.