PT-2007-3491 · Chatness · Chatness

Gammarays

Published 2007-04-19 · Updated 2018-10-16

CVE-2007-2149

CVSS v2.0: 10.0 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerable software and affected versions: Chatness 2.5.3 and earlier
Description: Chatness 2.5.3 and earlier stores usernames and cleartext (unencrypted) passwords in classes/vars.php and classes/varstuff.php, and the recommended permissions for those files are 0666 or 0777, i.e. readable and writable by every local account. Any local user can therefore read the credentials, and because these are PHP files that the web server includes, a local user who alters them can run code as the web-server account (local privilege gain). Remote attackers can obtain the credentials by requesting admin/options.php directly.
Recommendations: For Chatness 2.5.3 and earlier, change the mode of classes/vars.php and classes/varstuff.php so that only the account PHP runs as can read them and no other account can write them (0600, or 0640 with that account's group), and check that no other copy of the credentials is world-readable. Block direct HTTP requests to admin/options.php and to the classes/ directory at the web server, or require authentication before they are served. Replace the cleartext passwords with salted hashes (for example PHP's password_hash()) rather than reversible encryption, since a decryption key kept on the same host is readable under the same conditions as the passwords themselves. Finally, rotate any administrator or database credentials that were stored in these files: they must be treated as already exposed.
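The following POSIX shell script is an added example, not part of this advisory or of the Chatness code. It audits an install for the file-permission weakness described above (the two file names come from the advisory) and tightens the files to 0640. The install root, the 0640 target, and the demo file contents are assumptions; it also assumes the PHP process runs as the file owner or as a member of the file's group, so that 0640 keeps the application working.

```shell
#!/bin/sh
# Added example, not part of the advisory or of Chatness. Audits the two
# credential-bearing files named in the advisory for the world-accessible
# modes (0666/0777) it warns about and tightens them to 0640.
# Assumptions: POSIX sh; stat(1) from GNU coreutils or BSD; the PHP process
# runs as the file owner or as a member of the file's group (so 0640 keeps
# the application working). Adjust CHATNESS_FILES for other layouts.

CHATNESS_FILES="classes/vars.php classes/varstuff.php"

# Octal permission bits of a file, e.g. 666 (GNU stat first, BSD fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Success (0) when the mode lets any local user read or write the file
# (others: read or write) or lets the group write it; 1 otherwise.
# A readable file leaks the credentials; a writable one lets a local user
# plant PHP that the web server will execute.
is_exposed() {
    mode=$(file_mode "$1") || return 1
    group_bits=$(( 0$mode / 8 % 8 ))
    other_bits=$(( 0$mode % 8 ))
    [ $(( (other_bits & 6) != 0 || (group_bits & 2) != 0 )) -eq 1 ]
}

# Report each listed file under the install root; returns the number of
# exposed files, so 0 means the install is clean.
audit_install() {
    root=$1
    bad=0
    for f in $CHATNESS_FILES; do
        p="$root/$f"
        if [ ! -e "$p" ]; then
            echo "missing  $p"
        elif is_exposed "$p"; then
            echo "EXPOSED  $(file_mode "$p")  $p"
            bad=$((bad + 1))
        else
            echo "ok       $(file_mode "$p")  $p"
        fi
    done
    return "$bad"
}

# Owner read/write, group read, nothing for others.
harden_install() {
    root=$1
    for f in $CHATNESS_FILES; do
        [ -e "$root/$f" ] && chmod 0640 "$root/$f"
    done
    return 0
}

# Builds a throwaway install with the advisory's recommended modes, audits
# it, hardens it and audits again. Run as:  sh audit_chatness.sh demo
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/classes"
    # Constructed sample contents, shaped like the cleartext credential
    # storage the advisory describes (not real Chatness code).
    printf '<?php $adminuser = "admin"; $adminpass = "hunter2"; ?>\n' \
        > "$root/classes/vars.php"
    printf '<?php $dbpass = "hunter2"; ?>\n' > "$root/classes/varstuff.php"
    chmod 0666 "$root/classes/vars.php"
    chmod 0777 "$root/classes/varstuff.php"
    echo "before:"; audit_install "$root" || true
    harden_install "$root"
    echo "after:";  audit_install "$root"
    rm -rf "$root"
}

case "${1:-}" in demo) demo ;; esac
```

Run `sh audit_chatness.sh demo` to see the before/after report on a constructed install, or `audit_install /path/to/chatness` against a real one; a non-zero exit status is the count of exposed files, which makes it usable from a cron job or configuration check. The mode check treats group read as acceptable because the web-server account is assumed to be in that group; if PHP runs as a different account, use 0600 and chown the files to it instead.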

Exploit

Fix


Related identifiers

CVE-2007-2149

Affected products

Chatness