Drew Parsons

**Name of the Vulnerable Software and Affected Versions** ntlmaps versions prior to 0.9.9 **Description** The issue concerns a problem with the post-installation script of ntlmaps, which sets world-readable permissions for the configuration file. This allows local users to obtain the username and password, potentially leading to a breach of confidentiality. The vulnerability can be exploited by a local attacker. **Recommendations** For versions prior to 0.9.9, update to version 0.9.9 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the configuration file to prevent world-readable access until a patch is applied. Restrict access to the configuration file to minimize the risk of exploitation.