CVE-2005-3434

Name of the Vulnerable Software and Affected Versions Archilles Newsworld versions prior to 1.5.0-rc1

Description The issue allows remote attackers to obtain sensitive information, including usernames, hashed passwords, and session IDs, and potentially gain privileges due to insufficient access control of certain files stored under the web root.

Recommendations For versions prior to 1.5.0-rc1, update to version 1.5.0-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the account.nwd and session.nwd files to minimize the risk of exploitation.