CVE-2002-2301

Name of the Vulnerable Software and Affected Versions: Lawson Financials version 8.0

Description: The issue concerns the storage of usernames and passwords in a world-readable file when Lawson Financials is configured to use a third-party relational database. This allows local users to read the passwords and log onto the database.

Recommendations: For Lawson Financials version 8.0, consider restricting access to the file that stores usernames and passwords to prevent local users from reading the passwords and logging onto the database. As a temporary workaround, limit the use of third-party relational databases until a more secure configuration or update is available.