CVE-2002-0583

Name of the Vulnerable Software and Affected Versions WorkforceROI Xpede version 4.1

Description The issue allows remote attackers to read temporary expense claim reports via a brute force attack. This is possible because WorkforceROI Xpede uses a small random namespace (5 alphanumeric characters) for these reports, which are stored in the "/reports/temp" directory.

Recommendations For version 4.1, consider implementing a more secure naming convention for temporary reports to prevent brute force attacks, and restrict access to the "/reports/temp" directory to minimize the risk of exploitation.