PT-2006-7280 · Pedro Lineu Orso · Chetcpasswd

Reporter: Riclem · Published: 2006-12-21 · Updated: 2024-01-25 · CVE-2006-6679

CVSS v2.0: 7.5 (High) · Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Pedro Lineu Orso chetcpasswd versions prior to 2.4
Description: The software relies on the X-Forwarded-For HTTP header when checking a client against its IP address ACL. Because that header is supplied by the client rather than derived from the connection, a remote attacker can spoof it and gain unauthorized access.
Recommendations: For versions prior to 2.4, consider disabling the use of the X-Forwarded-For header in ACL verification until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation.
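The flaw described above, shown as an added example that is not chetcpasswd's own code: an IP-ACL check that takes the client address from X-Forwarded-For, beside a hardened version that only honours the header when the TCP peer is a configured reverse proxy. The ACL, the trusted-proxy list and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed configuration: clients in 10.0.0.0/8 are allowed, and the
# only proxy whose X-Forwarded-For header we trust is 192.0.2.10.
ALLOWED = [ipaddress.ip_network("10.0.0.0/8")]
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}


def vulnerable_acl_allows(remote_addr: str, headers: dict) -> bool:
    """Pre-2.4 pattern from the advisory: a client-supplied header
    overrides the address of the peer that actually connected."""
    claimed = headers.get("X-Forwarded-For", remote_addr).split(",")[0].strip()
    try:
        ip = ipaddress.ip_address(claimed)
    except ValueError:
        return False
    return any(ip in net for net in ALLOWED)


def effective_client_ip(remote_addr: str, headers: dict,
                        trusted_proxies=TRUSTED_PROXIES):
    """Return the address the ACL should be evaluated against."""
    peer = ipaddress.ip_address(remote_addr)
    # A header sent by anything other than a trusted proxy is ignored:
    # the socket peer address is the only value the client cannot forge.
    if peer not in trusted_proxies:
        return peer
    xff = headers.get("X-Forwarded-For")
    if not xff:
        return peer
    # With a single trusted proxy, the rightmost entry is the address that
    # proxy observed; anything to its left was supplied by the client.
    try:
        return ipaddress.ip_address(xff.split(",")[-1].strip())
    except ValueError:
        return peer


def hardened_acl_allows(remote_addr: str, headers: dict) -> bool:
    """ACL check that cannot be bypassed by a spoofed header."""
    ip = effective_client_ip(remote_addr, headers)
    return any(ip in net for net in ALLOWED)
```

The same request, an outside peer claiming an allowed address in the header, passes the first check and fails the second; a request genuinely relayed by the trusted proxy still passes.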

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2006-6679

Affected Products: Chetcpasswd