PT-2006-3639 · Microsoft+1 · Sql Server+2

Robert Passlow · Published 2006-06-01 · Updated 2018-10-18 · CVE-2006-2719

CVSS v2.0: 4.9 (Medium)
Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

JIWA Financials version 6.4.14

Description

The issue allows context-dependent attackers to potentially obtain passwords because JIWA Financials stores usernames and passwords in cleartext in the HR Staff table in Microsoft SQL Server. It also sends these credentials in cleartext to the application's SQL Server ODBC driver.

Recommendations

For JIWA Financials version 6.4.14, consider implementing encryption for storing and transmitting usernames and passwords to prevent them from being obtained in cleartext. As a temporary workaround, restrict access to the HR Staff table and the SQL Server ODBC driver to minimize the risk of exploitation.

Related Identifiers

CVE-2006-2719

Affected Products

Jiwa Financials
Sql Server
Odbc Driver For Sql Server