CVE-2008-1752

Name of the Vulnerable Software and Affected Versions ezRADIUS version 0.1

Description The issue allows remote attackers to obtain credentials due to insufficient access control of sensitive information stored under the web root. This can be achieved via a direct request for config.ini or database.ini files.

Recommendations For ezRADIUS version 0.1, consider restricting access to the config.ini and database.ini files to minimize the risk of exploitation. As a temporary workaround, limit direct requests to these files until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.