CVE-2002-1353

Name of the Vulnerable Software and Affected Versions: LocalWEB2000 HTTP server version 2.1.0

Description: The issue allows remote attackers to obtain passwords in plain text by making a direct request to the users.lst file, which is stored under the web document root. This occurs because the LocalWEB2000 HTTP server stores passwords in plain text in the users.lst file.

Recommendations: For LocalWEB2000 HTTP server version 2.1.0, consider restricting access to the users.lst file to minimize the risk of exploitation. Additionally, avoid storing passwords in plain text and explore alternatives for secure password storage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.