PT-2003-1215 · Cacti · Cacti

Published: 2003-04-22 · Updated: 2024-02-14 · CVE-2002-1479

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Cacti versions prior to 0.6.8

Description

The issue allows local users to access a MySQL username and password stored in plaintext in the config.php file, which has world-readable permissions. This could enable users to modify databases as the Cacti user and potentially gain privileges.

Recommendations

For versions prior to 0.6.8, update to version 0.6.8 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the config.php file to restrict access to sensitive information.
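
One way to apply the temporary workaround above, as an added example that is not part of the original advisory or the Cacti project: a shell check that detects whether a config.php is accessible to all local users and strips the "other" permission bits. The path passed in is a placeholder, and the example assumes the web server account owns the file or shares its group, so it can still read it afterwards.

```sh
#!/bin/sh
# Added example: audit and tighten permissions on a file holding DB credentials.
# Usage (path is a placeholder): sh audit_config.sh /path/to/cacti/config.php

# is_world_accessible FILE
# Succeeds (exit 0) if any read/write/execute bit is set for "other".
# find -L evaluates the symlink target's mode, which is what chmod changes.
is_world_accessible() {
    [ -n "$(find -L "$1" -prune \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# restrict_config FILE
# Remove every "other" bit; owner and group bits are left untouched.
restrict_config() {
    chmod o-rwx "$1"
}

# audit_config FILE
# Returns: 0 = already restricted, 1 = was exposed and has been restricted,
#          2 = file not found, 3 = chmod failed (e.g. not the owner).
audit_config() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "missing: $f" >&2
        return 2
    fi
    if is_world_accessible "$f"; then
        echo "EXPOSED: $f is accessible to all local users; removing o+rwx"
        restrict_config "$f" || return 3
        return 1
    fi
    echo "ok: $f is not accessible to other local users"
    return 0
}

# Run the audit only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_config "$1"
fi
```

A return code of 1 means the stored MySQL password was readable by local users until now, so it should be rotated as well as protected.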

Related Identifiers

CVE-2002-1479

Affected Products

Cacti