CVE-2005-1648

Name of the Vulnerable Software and Affected Versions Gurgens (GASoft) Ultimate Forum version 1.0

Description The issue concerns insufficient access control to the db/Genid.dat database file, which is stored under the web document root. This allows remote attackers to obtain the file and subsequently decrypt usernames and passwords.

Recommendations For version 1.0, consider restricting access to the db/Genid.dat file to prevent remote attackers from obtaining it, or relocate the file outside of the web document root to minimize exposure.