PT-2006-2087 · Kwik Pay · Kwik-Pay Payroll

Published 2006-03-07 · Updated 2024-08-07 · CVE-2006-1050

CVSS v2.0 2.1 Low

Vector AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Kwik-Pay Payroll version 4.2.20

Description

The issue concerns the storage of the KwikPay.mdb database file with insecure permissions, potentially allowing local users to access sensitive information such as employment and payment data. The vendor has disputed this, stating that the KwikPay.mdb file is a template and does not contain sensitive user information. Additionally, when a user payroll database is opened, the encryption of the database is checked, and if it is not encrypted, the user is prompted to encrypt it.

Recommendations

For Kwik-Pay Payroll version 4.2.20, consider encrypting the database to protect sensitive information. Ensure that the database encryption is enabled when creating or opening user payroll databases. As a temporary workaround, restrict access to the KwikPay.mdb file to minimize the risk of exploitation.

Related Identifiers

CVE-2006-1050

Affected Products

Kwik-Pay Payroll