CVE-2007-0543

Name of the Vulnerable Software and Affected Versions ZixForum versions 1.14 and earlier

Description The issue allows remote attackers to download a database containing passwords via a direct request for ZixForum.mdb due to insufficient access control. This occurs when sensitive information is stored under the web root. It is noted that the issue may only arise if the administrator fails to follow proper installation directions.

Recommendations For ZixForum versions 1.14 and earlier, ensure that the administrator properly follows installation directions to avoid exposure of sensitive information. As a temporary workaround, consider restricting access to the ZixForum.mdb file until proper access controls are in place. At the moment, there is no information about a newer version that contains a fix for this vulnerability.