CVE-2003-1401

Name of the Vulnerable Software and Affected Versions php-Board version 1.0

Description The issue concerns the storage of plaintext passwords in files named after usernames, such as $username.txt, under the web document root with insufficient access control. This allows remote attackers to obtain sensitive information by making a direct request to these files.

Recommendations For php-Board version 1.0, consider restricting access to the files containing plaintext passwords or implement proper access control mechanisms to prevent unauthorized access. As a temporary workaround, restrict access to the login.php file until a more secure method of storing passwords is implemented.