PT-2004-3291 · Mysql Server+2

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-2398

CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Netenberg Fantastico De Luxe version 2.8
Description: The issue allows local users to determine valid usernames by reading database file names, which can lead to brute force attacks. This is possible because the database file names contain associated usernames and are stored in a directory with world-readable permissions, specifically /var/lib/mysql, which is assigned these permissions by cPanel 9.3.0 R5.
Recommendations: For Netenberg Fantastico De Luxe version 2.8, consider restricting access to the /var/lib/mysql directory to prevent local users from reading database file names and determining valid usernames. As a temporary workaround, restrict the world-readable permissions assigned by cPanel to minimize the risk of exploitation.
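
The check and restriction recommended above, as an added example that is not part of the original advisory or any vendor tooling. The function names and the DATADIR variable are hypothetical, and removing every "other" bit is one assumed way to restrict the directory.

```shell
#!/bin/sh
# Added example (not from the advisory): audit and restrict "other" access
# to a MySQL data directory. DATADIR defaults to the path the advisory names.
DATADIR=${DATADIR:-/var/lib/mysql}

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# What can users outside the owner and group do with directory $1?
#   listable    - r bit set: file names can be enumerated
#   traversable - x only: names cannot be listed, but a known name can be probed
#   closed      - neither bit set
other_access() {
    m=$(mode_of "$1") || return 2
    o=${m#"${m%?}"}                 # last octal digit = "other" class
    if [ $((o & 4)) -ne 0 ]; then echo listable
    elif [ $((o & 1)) -ne 0 ]; then echo traversable
    else echo closed
    fi
}

# Remove all "other" bits from the directory, then re-check the result.
restrict_datadir() {
    chmod o-rwx "$1" || return 1
    [ "$(other_access "$1")" = closed ]
}

# Report only; succeeds when the directory is already closed to "other".
audit() {
    state=$(other_access "$1") || { echo "cannot stat $1" >&2; return 2; }
    echo "$1: mode $(mode_of "$1"), other=$state"
    [ "$state" = closed ]
}

# Usage: sh script.sh --audit   (run restrict_datadir "$DATADIR" as root to apply)
if [ "${1:-}" = "--audit" ]; then audit "$DATADIR"; fi
```

On hosts where the server's Unix socket file is kept inside the data directory, local clients need the x bit on that directory to reach it, so confirm the socket path before applying restrict_datadir.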

Related Identifiers

CVE-2004-2398

Affected Products

Mysql Server
Netenberg Fantastico De Luxe
Cpanel