CVE-2006-6890

Name of the Vulnerable Software and Affected Versions: Voodoo chat version 1.0RC1b

Description: The issue allows remote attackers to download sensitive information, including passwords, due to insufficient access control. This is possible by making a direct request for the data/users.dat file, which stores sensitive information under the web root.

Recommendations: For version 1.0RC1b, consider restricting access to the data/users.dat file to prevent unauthorized downloads until a proper fix is implemented. As a temporary workaround, limit access to sensitive information stored under the web root.