Fay Stegerman

**Name of the Vulnerable Software and Affected Versions** WriteFreely versions 0.15.1 and earlier **Description** The issue allows local users to discover credentials by reading the config.ini file when MySQL is used. This is due to insecure default configuration access. **Recommendations** For versions 0.15.1 and earlier, consider restricting access to the config.ini file to prevent local users from discovering credentials. As a temporary workaround, limit read access to this file until a more permanent solution is available.