CVE-2003-0499

Name of the Vulnerable Software and Affected Versions: Mantis versions 0.17.5 and earlier

Description: The issue allows local users to access the database password stored in cleartext in a world-readable configuration file, enabling them to perform unauthorized database operations.

Recommendations: For versions 0.17.5 and earlier, consider restricting access to the configuration file to prevent unauthorized users from reading the database password. As a temporary workaround, restrict file system permissions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.