CVE-2007-0153

Name of the Vulnerable Software and Affected Versions AJLogin version 3.5

Description The issue allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb due to insufficient access control. This is because sensitive information is stored under the web root.

Recommendations For AJLogin version 3.5, consider restricting access to the ajlogin.mdb file to minimize the risk of exploitation. As a temporary workaround, limit direct requests to this file until a more secure storage solution is implemented.